The CyberWire Daily Briefing for 11.27.2012

Cyber Attacks, Threats, and Vulnerabilities

Data-Annihilation Malware Still Alive (Dark Reading) 'Narilam' malware has been in circulation for two to three years; Iranian CERT says it targets databases of specific financial software in Iran. Data-annihilation attacks don't typically have a long shelf life: They rely on the element of surprise to incur as much damage as possible before they are discovered and purged. But sometimes they have a long tail and continue to spread, like the recently analyzed Narilam malware

Evolving DDoS Attacks Force Defenders to Adapt (Dark Reading) Distributed denial-of-service attacks get bigger and combine application-layer exploits requiring defenders to be more agile. In the past, attackers using distributed denial-of-service (DDoS) attacks to take down Web sites or network servers typically adopted one of two tactics: Flooding the site with a deluge of data or overwhelming an application server with seemingly valid requests

FLAMING RETORT: Linux rootkit news 'provides some comic relief' (Naked Security) About two weeks ago, a posting on the Full Disclosure Mailing List announced a new Linux rootkit. Indeed, the posting didn't just announce the malware, but included a fully-working sample

BlackHole Prominent Malware Issue during October 2012 (SPAMfighter News) A new malware analysis report by GFI Software for October 2012 states that one major problem over the month was BlackHole the cyber-criminals' attack

Security Brief: Israel, Palestine, Malware (Softpedia) This week, Israel and Palestine have signed a ceasefire agreement and most hacktivists stopped launching cyberattacks. However, before the agreement was signed, hackers from both sides launched numerous attacks. Pro-Palestine hackers breached several websites as part of OpIsrael, including ones of Microsoft

Google, Apple victims of cyber-attack in Pakistan (New Europe) Web sites belonging to some of the tech world's biggest names, including Google, Apple and Yahoo, were hacked and damaged over the weekend, following a massive cyber-attack on Pakistani domains. A total number of 258 web pages with 'pk' domain

Cyber threats to energy security, as experienced by Saudi Arabia (Platts) One oil major told me a few days ago: "We're constantly under cyber attack." But there is still a sense of denial hanging over the issue. So while no less a figure than US Defense Secretary Leon Panetta can describe the al-Shamoon virus which assaulted

eBay patches two critical security flaws on US website (Help Net Security) Two critical vulnerabilities in eBay's US website (ebay.com) have been closed by the company, preventing attackers from accessing and modifying one of its databases as well as steal eBay users' login

DIY mass iFrame injecting Apache module sold online (Help Net Security) The wish to automate repetitive and boring tasks is not restricted to those who engage in legal enterprises, so it's no wonder that we have lately witnessed a rise in DIY kits marketed to cyber crooks

Las Vegas Newspaper Recovers From Cyber Attack (CBS Local) Internet websites for the Las Vegas Sun and three related entities are back up and running after a weekend cyberattack overwhelmed servers and blocked access. The newspaper reports that the Greenspun Media Group websites lasvegassun. com, lasvegasweekly.

Nationwide customers notified of breach, PI theft (Help Net Security) Nationwide, one of the largest insurance and financial services companies in the world, has been sending out letters to notify some of its clients about the compromise and potential compromise

Another cyber-attack, another chance your identity could be at risk (WMBF) It has happened again, there was another cyber attack on a computer system in South Carolina which could put thousands of people's identities at risk. The state's insurance department reports hackers might have stolen key

Chrome Zero-Day Presentation Gives Way to Mandatory Military Service (Threatpost) The saga of the latest zero-day vulnerability and exploit for the Google Chrome browser took another mysterious turn over the weekend. The 19-year-old Georgian security researcher who found the vulnerability in the browser was called up for compulsory military duty in his country and was unable to deliver his presentation Saturday at the Malcon security conference in India. Conference organizer Rajshekhar Murthy told Threatpost in an email that Ucha Gobejishvili was called in last minute and was not able to travel to New Delhi

'Confidential information' in shredded Macy's Thanksgiving Day Parade confetti (Naked Security) The world's most famous Thanksgiving parade is probably not where you'd expect to find shredded confidential police documents. But that's exactly what Ethan Finkelstein says he found while enjoying the annual parade in New York City last Thursday, according to an American news station

How South Carolina Failed To Spot Hack Attack (InformationWeek) Attackers stole 3.3 million businesses' bank details and 1.9 million social security numbers, cost the state $14 million for cleanup

Faulty CSS Leads Users to Believe Kaspersky Site Was Hacked (Softpedia) Users who visited Kasperskys Anti-Virus 6. 0 MP3 for Windows Workstations webpage yesterday could see a picture of the symbolic Nyan Cat on top of the normal content. A few hours later, the company addressed the issue and revealed that the defacement was caused by a buggy CSS

Cyber Trends

Log All The Things (Dark Reading) How the growing granularity in computing is going to affect monitoring. Yes, computers are smaller now. From the behemoths of old to systems on a chip, we've seen a change in the form factor such that these days, you could just about lose millions of SSNs if your USB navel piercing fell down the shower drain. And that's not even counting the sprawl when it comes to virtual machines

Antivirus software a waste of money for businesses, report suggests (TechWorld) Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it, an analysis by security firm Imperva has concluded. Reports questioning the protection offered by antivirus suites has become a staple theme among researchers in recent times and the study Assessing the Effectiveness of Anti-Virus Solutions, carried out for Imperva by the University of Tel Aviv, is another addition to that sobering collection. The team ran a collection of 82 new malware files through the VirusTotal system that checks files against around 40 different antivirus products, finding that the initial detection rate was a startling zero

Cybersecurity worries spur fears of cost and regulation (intelligentutility) The long political fight over the security of the nation's computer networks is expected to re-ignite next year -- with the safety and convenience of virtually every American on the table. At stake is the nation's cyberspace, increasingly at risk from playful hackers, thieves, fraudsters, foreign spies and terrorists. Experts insist everything from online gift-buying to transportation systems to the electricity in your home is endangered

European, Canadian enterprises approach BYOD cautiously (Fierce Mobile IT) European and Canadian enterprises are allowing BYOD in increasing numbers, but more than half of IT professionals in those regions believe that the security risks outweigh the benefits

Web content management vendors are MIA when it comes to mobility (Fierce Mobile IT) Web content management vendors are "missing in action" when it comes to mobility, judged Forrester analysts David Aponovich and Michael Facemire

Gartner: Industry demand to spur tablet sales in China (Fierce Mobile IT) The increasing use of tablets in the hospitality, insurance, finance, retail, transportation, and education vertical markets is expected to fuel a surge in tablet shipments in China over the next four years, predicted market research firm Gartner

Cyberattacks Cause Considerable Economic Damage to Governments, EP Says (Softpedia) A report recently published by the European Parliament (EP) highlights the fact that recent cyberattacks have caused considerable economic damage to European Union (EU) member states. In the report, Tunne Kelam an Estonian politician and a Member of the European Parliament underscores the fact that member states and the EU in general have become crucially reliant on cyberspace. Cyber challenges, threats and attacks are growing at a dramatic pace and constitute a major threat to the security, defence, stability and competitiveness of the nation states as well as of the private sector; whereas such threats should not therefore be considered future issues, the report reads

Marketplace

Contractors move to save cybersecurity funding (Politico) As new threats emerge, the administration has tried to secure for the Department of Homeland Security and DOD even more cyber aid, and congressional appropriators have mostly fulfilled the requests. While those agencies may lead the way in deterring

Defense Stocks Seen Gyrating Fiscal Cliff Or No (Bloomberg Government) Investors are betting on the biggest price swings for defense stocks in a year, even as U.S. lawmakers and the Obama administration push for a deal to avoid the fiscal cliffs automatic cuts to Pentagon spending

Maryland lawmakers turn state into 'Fort Cyber' (Politico) Make no mistake, the cybersecurity threat is no farce: Hackers have infiltrated U.S. government systems and routinely set their sights on the Pentagon and Department of Homeland Security. Companies around the world are equally appealing targets

A Virtual Battleground For Pentagon's Cyberwarriors (Washington Post) CyberCity has all the makings of a regular town. Theres a bank, a hospital and a power plant. A train station operates near a water tower. The coffee shop offers free WiFi. But only certain people can get in: government hackers preparing for battles in cyberspace

Treasury office opts for phased approach to big data solution (Fierce Government IT) In search of a comprehensive big data solution, the Office for Financial Research within the Treasury Department has concluded that in fact it's better off taking a phased approach

Navy official emphasizes quality, not quantity in data center consolidation (Fierce Government IT) The Navy Department has closed between five and seven data centers so far as part of its effort to reduce its total down to 25 or below by 2017, departmental Chief Information Officer Terry Halvorsen told reporters Nov. 26

Spy Tech: 10 CIA-Backed Investments (InformationWeek) Check out some of the latest technologies to win funding from In-Q-Tel, the venture investment arm of the CIA and other intelligence agencies. That's the first step toward use by agents and analysts

ManTech Wins Prime Position on $7B Software Engineering Contract (GovConWire) ManTech International Corp. (NASDAQ:MANT) has been awarded a prime position on a $7 billion contract to provide software and systems engineering services to an Army software engineering center. According to a company statement, the indefinite-delivery/indefinite-quantity, multiple-award contract from the Communications-Electronics Command Life Cycle Management Command's Software Engineering Center has a two-year base period, one two-year option and

Claimed $400m Google buyout is fake, ICOA boss warns (Register) It was a lousy start to the post-Thanksgiving weekend for the management of US hotspot provider ICOA after the company fell victim to what looks like a classic pump-and-dump stock scam

PRWeb Releases Press Release About Its Fake Press Release, But The Circle Of Trust Is Already Broken (TechCrunch) PRWeb has just put out a press release about the fraudulent press release it released (and we erroneously reported) this morning. Ha. From the press release: "PRWeb transmitted a press release for ICOA that we have since learned was fraudulent. The release was not issued or authorized by ICOA. Vocus reviews all press releases and follows an internal process designed to maintain the integrity

How one fake press release on a Google 'acquisition' fooled the press (Ars Technica) Did Google buy ICOA? No. Did media outlets run with the story anyway? Yes

Panda Security, CentraStage Confirm Cloud RMM Relationship (MSPmentor) Panda Security and CentraStage have confirmed a cloud-based RMM (remote monitoring and management) business relationship that MSPmentor uncovered last week

Mile2 Helps Businesses Protect Sensitive Information (investmentunderground) With training courses in IT security, data protection, risk management, and information assurance, Mile2 has a reputation for helping businesses all over the world. Established after 9/11, Mile2 is corporately located in Tampa, Florida and has almost

It's Not Just Indians and Taiwanese Anymore (Slate) A new group may be on the way up in the immigrant-dominated tech world. While Silicon Valley is an immigrant-friendly place--witness Russian-born Sergey Brin's triumph at Google or Hungarian-born Andy Grove's success at Intel--there are signs that immigrants' influence in the tech mecca may be plateauing. A study released last month by AnnaLee Saxenian of Berkeley and Vivek Wadhwa of Duke found that 43.9 percent of Silicon Valley startups launched in the past seven years had at least one key founder who was an immigrant. That's a big number, but it's a drop from 2005, when 52.4 percent of startups were immigrant-founded

Twitter's First Designer, Vitor Lourenco, Leaves The Company After Five Years (TechCrunch) Things change everywhere, especially at startups. Sometimes, the people who start something aren't the ones who end up "finishing" it, and that's the case today with one very important person at Twitter. In a tweet, Twitter's first designer, Vitor Lourenco, announced that he's leaving the company after five years

Products, Services, and Solutions

Panorama9 Launches Patch Management For Mac (Dark Reading) Tool automates tedious patch management activities

LabTech And Symantec Complete Integration Of Backup and Endpoint Security Solutions For IT Service Providers (Dark Reading) MSPs can use LabTech's RMM tools to deploy, set up, manage, and monitor backup and endpoint security across multiple domains

New Visa Consumer Authentication Service Combats eCommerce Fraud (Dark Reading) Solution designed to seamlessly support an issuer's Three Domain Secure (3-D Secure) program

Microsoft Targets Growing Mobile Workforce With 15% Hike In Corporate User Licensing Fees (TechCrunch) Microsoft is targeting the growing mobile workforce with a 15% hike in license fees directed primarily at companies that have employees who use smartphone and other mobile devices in their work

64-bit Firefox for Windows should be prioritized, not suspended (Ars Technica) 64-bit browsers are more stable and more secure; Mozilla should build one

Google Adds Cloud Infrastructure Muscle Vs. Amazon (InformationWeek) Google Compute Engine's first major upgrade adds 26 server instances to its cloud catalog, cuts prices to become more competitive

BlackBerry 10 is Going to Have the Best Web Browser of Any Mobile Platform (Techvibes Newsdesk) One of the biggest drawbacks of current BlackBerry devices is their mediocre mobile web experience. Most have small screens, low resolutions, and no touch functionality. That makes browsing via the mobile web a real pain

Technologies, Techniques, and Standards

How to Prevent Spear Phishing Attacks (eSecurity Planet) While security software can help prevent spear phishing attacks, staff training is the best way to avoid phishing losses. An unsuspecting secretary receives an email about a package due for delivery, and clicks on a link or an attachment in the message to track its progress. In that split second, she unknowingly compromises

Approaching Mobile App Security - 4 Areas of Focus Before Developing Apps (Bank Information Security) This is the first in a series of new blogs addressing mobile application security. Future installments by the author will address security threats posed by third-party apps and how to address them. In 1996, my first cellphone provided me with 30 minutes of talk time for $29

Research and Development

The Rising Science Of Social Influence — How Predictable Is Your Online Behaviour? (TechCrunch) Techcrunch recently ran a piece by Michael Wu of Lithium. The following is a response written by Ferenc Huszar, who, prior to jointing Peer Index, was the lead data scientist at the Machine Learning Lab at Cambridge University. Quantifying aspects of human behaviour and social phenomena has never been simple. But in today's world, one thing is inescapable. We are creating a new market and

NSF RFC on Cybersecurity Research Strategic Plan (Cryptome) This Request For Comments (RFC) is issued by the Cyber Security and Information Assurance Research and Development Senior Steering Group (SSG) of the Federal Networking and Information Technology Research and Development (NITRD) Program. The SSG is preparing a report to provide an update on technological developments in Federal cybersecurity research and development since the release of the 2011 Federal Cybersecurity Research and Development Strategic Plan

Academia

The school that trains cyber spies: U.S. university training students in online espionage for jobs in the NSA and CIA (Daily Mail) A university is offering a two-year course in cyber-espionage, with recruits going on to jobs with the CIA, the National Security Agency and the Secret Service. Students at the University of Tulsa, Oklahoma, are learning how to write computer viruses, hack networks, crack passwords and mine data from a range of digital devices

Trend Micro talks online safety at Melbourne school (CSO) The Melbourne school had a visit from Trend Micro's Cyber Safety Squad, led by the security vendor's safety expert, Aman Chand

Q&A with Salman Khan (MIT Technology Review) An amateur teacher who rocketed to fame on the Internet tells us how he'll take his free video tutorials to the next level. What kind of crazy teacher would put high-school math on a site known for cat videos? In his new book, The One World School House: Education Reimagined, Salman Khan recalls how, eight years ago, he uploaded his first mathematics tutorial to YouTube. "I had no preconceived notions about how people learned; I was constrained by no orthodoxy regarding the 'right' way to do things," he writes

Legislation, Policy, and Regulation

Cyber attack reporting will boost defence capability, says Neelie Kroes (Computer Weekly) The European Commission (EC) is considering making it mandatory for companies to report cyber attacks to harness the benefits of open dialogue, says vice-president Neelie Kroes. Despite industry opposition, open discussion about cyber threats is vital to enable organisations to learn and improve understanding of the issue, she told the German publication Sddeutsche Zeitung. Details of the EUs plans are likely to be revealed later this year with the publication of the its cyber security strategy

Pace of US Cyber-Preparedness Accelerating (Forbes) Three recent moves by the Pentagon, State Department and White House indicate that the pace of preparation for engaging in offensive cyber attacks is increasing. The first was the speech given by Leon Panetta, Secretary of Defense on October 12 where

Google Encourages Action Against UN Internet Proposals (InformationWeek) Google fears that upcoming conference could give governments too much control over Internet governance, launches an online campaign to keep everyone in the loop

White House Advances Insider Threat Policy (FAS) In a memorandum to agency heads last week, President Obama transmitted formal requirements that agencies must meet in order to deter, detect, and mitigate actions by employees who may represent a threat to national security. Along with espionage and acts of violence, the National Insider Threat Policy notably extends to the unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks. To combat such unauthorized disclosures, agencies are required to monitor employee use of classified networks

India-U.S. Security Relations: Current Engagement (FAS) U.S.-India engagement on shared security interests is a topic of interest to the U.S. Congress, where there is considerable support for a deepened U.S. partnership with the worlds largest democracy. Congressional advocacy of closer relations with India is generally bipartisan and widespread; House and Senate caucuses on India and Indian-Americans are the largest of their kind. Caucus leaders have encouraged the Obama Administration to work toward improving the compatibility of the U.S. and Indian defense acquisitions systems, as well as to seek potential opportunities for co-development or co-production of military weapons systems with India

Litigation, Investigation, and Law Enforcement

Google Responsible For Other Peoples' Lies, Deems Australian Court (TechCrunch) Google is now legally responsible for every crazy thing on the Internet–at least, in Australia. The Supreme Court of Victoria fined Google $200,000 for not removing defamatory rumors linking music promoter, Milorad Trkulja, to organized crime. The court reasoned that Google is a "publisher" because it displays content and links to offending websites

HP says its products sold unknowingly to Syria by partner (IT World) Hewlett-Packard said in a letter to the U.S. Securities and Exchange Commission that it had determined that its products were procured from a partner that was not informed that their ultimate destination was Syria

Feds scoop up 132 websites in annual cyber Monday ritual (GigaOM) The Department of Homeland Security celebrated a holiday tradition of its own today by announcing the seizure of dozens of domain names that were allegedly used to sell fake consumer swag like jerseys and jewelry. Once again, the seizures came with

Chinese police swoops down on personal information thieves (Help Net Security) Eleven people have been arrested by Shanghai's Fengxian district police following the discovery that they have been selling personal information to anyone willing to pay for it

DOT IG critical of recurring FISMA security weaknesses (Fierce Government IT) Despite a series of damning, yearly Federal Information Security Management Act compliance audits, the Transportation Department failed again in fiscal 2012 to remedy recurring weaknesses that expose the department to serious security threats, according to a Nov. 14 Office of Inspector General report. Twenty-one of 35 open recommendations made since 2009 remain open, say report authors

Suit alleges H-P tried to back out of Autonomy deal before it closed (Quartz) A lawsuit filed against Hewlett-Packard in US federal court accuses the company of misleading investors before taking a $8.8 billion writedown over accounting maninpulation at Autonomy, the British software maker that H-P acquired last year

HP's Accounts Bombshell: A Guide for the Perplexed (Slate) Hewlett-Packard claims it was duped into hugely overpaying for Autonomy, prompting an $8.8 billion writedown. It blames at least $5 billion directly on dodgy book-keeping. Autonomy founder Mike Lynch says his company played by the rules. But complicated procedures for categorising sales and recognising revenue are critical to the strength of HP's three central allegations

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

First Annual Maryland Digital Forensics Investigation Conference and Challenge (, Jan 1, 1970) Test your knowledge of digital forensics and cyber investigations. Academic teams of four students from Maryland high schools, community colleges and universities will compete for prizes in the Cyber Crime Case Challenge. Law enforcement officers, public officials and others interested in observing the challenge, attending exciting briefings and the DC3 Digital Forensics Tool Expo are cordially invited to attend. Businesses with an interest in digital forensics (and a lot of them should be) are of course also welcome. Speakers will include Senator Barbara Mikulski, Lieutenant General (Retired) Ken Minihan (NSA), Haden Land (Lockheed Martin), "Mo" Baginski (NSA & FBI), Brigadier General (Retired) Bernie Skoch (CyberPatriot). It promises to be an interesting and exciting event.

Digital Security Summit (Riyadh, Saudi Arabia, Dec 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.

Passwords^12 (, Jan 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO FreeBSD, inventor of scrypt), Simon Marechal (John the Ripper co-developer), Frank Stajano (Cambridge) and many more, this will be the premier event for everything and anything related to password security. Passwords^12 is the first and only conference of its kind, bringing together academic institutions, researchers and security professionals from around the world. It's a not-for-profit and non-commercial conference. No sales personnel, no marketing managers and deep technical talks.

CompTIA Security+ Certification Boot Camp Training Program (Baltimore, Maryland, USA, Dec 3 - 6, 2012) For the cybergamut community, an opportunity to receive Computing Technology Industry Association certification.

Cybergamut Tech Tuesday: Sandboxing goes mainstream (Columbia, Maryland, Dec 4, 2012) An overview of sandboxing as a key security technology.

CIO Cloud Summit 2012 (, Jan 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.

BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.

2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.

SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.

#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..

TechMentor Orlando 2013 (Orland, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.

e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.

The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.