The CyberWire Daily Briefing for 12.5.2012
It's a quiet news day for hacktivism and state-sponsored cyber attacks, but cyber criminals remain busy. eSecurity Planet has a useful compendium of cyber crime trend studies.
Gameover Zeus resumes its spearphishing campaign against US banking customers. A remote authentication bypass exploit affects Tectia SSH server, Free FTPD, and FreeSSHD for Windows. Last week's DNS poisoning of .ro domains is traced to RoTLD, which is now investigating the cause of the breach. Twitter users remain exposed to SMS spoofing; a Twitter patch helps only a subset of them. Windows AutoRun malware detected last week continues to spread.
Japanese attempts to shut down Android malware developers haven't been particularly successful, and Android devices in the US are now more attacked than PCs. Exploit kits continue to infest US networks, and Sophos finds that the malicious apps they package were, without exception, developed by white hat researchers, then copied and integrated by criminals operating in the black market. Children are becoming the chief targets of identity thieves: that poor children are more commonly exploited renders this trend especially loathsome.
The US Senate passes a Defense authorization bill more suggestive of policy direction than actual spending, but major cuts seem increasingly likely. SAIC announces 700 layoffs. BAE-Detica continues to position itself in the Australian market.
International Telecommunications Union (ITU) meetings in Dubai continue to provoke privacy and censorship concerns. Yesterday the ITU endorsed (over objections of Germany and some other members) a deep-packet inspection standard that would effectively mandate inspection of encrypted traffic.
Today's issue includes events affecting Algeria, Australia, Belarus, Brazil, China, Germany, India, Iran, Japan, Kazakhstan, Republic of Korea, Romania, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
'Gameover Zeus' Gang Launches New Attacks (Dark Reading) Campaign includes rigged emails spoofing major U.S. banks and offering 'secure email' exchange with banking customers
Tectia SSH Server Remote Authentication Bypass Exploit Published (Threatpost) Unix and Linux versions of Tectia SSH server as well as the open source versions of Free FTPD and FreeSSHD for Windows are vulnerable to a critical remote authentication bypass exploit published on the Free Disclosure List
RoTLD Admits It Was Hacked, Takes Responsibility for Google Romania Hijacking (Softpedia) Last week, a number of high-profile Romanian websites including Google.ro and Yahoo.ro redirected their visitors to a defacement page set up by an Algerian hacker
Twitter Users Vulnerable To SMS Spoofing Attack (InformationWeek) Twitter vulnerability would allow attackers to post messages to targeted accounts. Similar flaw has already been addressed by Facebook and SMS payment provider Venmo
Security firms warn of new AutoRun malware on Windows (Fierce CIO: TechWatch) Security vendors have detected a spike in malware that is spread through the AutoRun feature on Windows, and are warning businesses about it. According to CSO Online, the latest infections are believed to happen through unpatched computers, shared folders and social media. The report noted that the malware is called /VBNA-X, W32/Autorun.worm.aaeb, W32.ChangeUp and WORM_VOBFUS, depending on the antivirus vendor…In this case, the use of shared folders on a corporate network is highlighted as the primary method for the spread of this new malware. As such, the advice is for administrators to ensure that AutoRun is disabled on all Windows operating systems, and to restrict the write permissions on file shares. The latter will help protect against malware spreading within the corporate network
Electricity Supplier Adds Security Measures After Cyber Attack (Estonian Public Broadcasting) One of the companies vying for a piece of the soon-to-open electricity market, 220 Energia, was forced to shut down part of its website after being hit by a cyber attack on Tuesday afternoon
Tumblr worm proliferated due to XSS flaw (Help Net Security) Yesterday's worm rampage that left many a Tumblr site "defaced" with a message by Internet troll group GNAA was the result of improper input sanitization. "It appears that the worm took advantage
Despite Arrests, Android Malware Persists in Japan (Threatpost) Android malware developers in Japan continue to peddle their product across the Internet and through the Google Play marketplace, undeterred by recent arrests in the nation
Android devices in US face more malware attacks than PCs (PCWorld) The 2013 Security Threat Report from Sophos revealed that almost 10 percent of Android…Cyber criminals have also found ways to subvert two-factor
Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers (Naked Security) Who is feeding the Blackhole exploit kit? When security researchers make available easy-to-implement proof of concept code to demonstrate software vulnerabilities, you're really supporting the malicious exploit kit authors. SophosLabs expert Gabor Szappanos shows that the exploit kit authors aren't the ones discovering the zero day vulnerabilities
United States has the most blackhole exploits in the world, says Sophos (Venture Beat) Your neighborhood may seem clean and safe when you step outside, but in the midst of birds chirping and friendly waves, you could be living in cyber security hell. Security company Sophos released its Security Threats in 2013 report, which included analysis of which countries are the most at risk when it comes to malware and spam. Specifically the company looked at blackholes, or "prepackaged software kits," that live on an infected server. They then scan your computer for known vulnerabilities and exploit those holes to put viruses on your computer
Children Increasingly Targeted For Identity Fraud, Study Says (Dark Reading) One in 40 families experience theft of personal data from a minor; lower-income families disproportionately affected. Cybercriminals are increasingly targeting children for identity theft, and lower-income families are the most frequent victims, according to a new study published today. Research firm Javelin Strategy released its first-ever 2012 Child Identity Fraud Survey Report, a detailed study of more than 5,100 U.S. households. The report, sponsored by identity fraud prevention company Intersections Inc. and the Identity Theft Assistance Center, states that one in 40 U.S. households experiences child identity theft at least once in the family's lifetime
Security Patches, Mitigations, and Software Updates
Twitter Resolves SMS Bug (For Some Users) (Threatpost) A day after an independent security researcher disclosed a vulnerability in SMS-enabled Twitter accounts, the social network giant announced it's fixed the flaw - at least for some users. Those who use a "long code" and/or cannot use a PIN code remain at risk
Security Patch released for BIND 9.9.2 (Internet Storm Center) A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1
Research Roundup: Current State of Cybercrime (eSecurity Planet) Among the findings in recent security research: More than one in six mobile apps contain high-risk code that can compromise user security, and 44 percent of adults aren't aware security solutions for mobile devices exist. Recent reports from Bitdefender, TrustGo, McAfee, Trustwave, nCircle, Symantec, FireEye, Lookout, Alert Logic and Arxan Technologies assess the current state of malware (both mobile and PC-based), spam
Preemptive strikes against cyber criminals are a 'complex' issue (Computer Business Review) "Twenty months into the National Cyber Security Programme, there appears to…While the idea was criticised at the time, James Lyne, Sophos director of
Three major impacts when moving to a BYOD policy (Help Net Security) Seventy percent of respondents in a recent survey by Gartner, Inc. said that they have or are planning to have BYOD policies within the next 12 months to allow employees to use personal mobile devices
Risk study identifies top pain points in 2013 (Help Net Security) The state of endpoint risk is not improving according to the fourth annual report researched by the Ponemon Institute. IT professionals reported the flood of mobile devices entering their corporate
Mass phishing emails a thing of the past? (Help Net Security) PhishMe predicts that phishers will be changing their tactics in 2013 – resorting to targeted spear phishing emails rather than the mass mails of the past. Spear phishing is an incredibly popular
Survey: IT Less Stressed About Cloud Security (Dark Reading) Four out of five IT pros say they are using public cloud services, CloudPassage data finds
Former National Security Officials Urge Military Cuts (Washington Wire) A bipartisan group of 15 former senior national security officials called Tuesday on lawmakers and the Obama administration to weigh military spending cuts as part of a broad deficit-reduction deal that avoids the so-called fiscal cliff
Fiscal Cliff Offers Hint At More Defense Cuts (Yahoo.com) House Republicans' "fiscal cliff" counteroffer to President Barack Obama hints at billions of dollars in military cuts on top of the nearly $500 billion that the White House and Congress backed last year, and even the fiercest defense hawks acknowledge that the Pentagon faces another financial hit
Senate Passes $631 Billion Defense Bill (Yahoo.com) The Senate overwhelmingly approved a sweeping, $631 billion defense bill Tuesday that sends a clear signal to President Barack Obama to move quickly to get U.S. combat troops out of Afghanistan, tightens sanctions on Iran and limits the president's authority in handling terror suspects
Feds Close The Once-Heralded Apps.gov Cloud Storefront (TechCrunch) The U.S. General Services Administration (GSA) has closed Apps.gov, the once-heralded cloud storefront established in the first months of the Obama Administration by former Federal Chief Information Officer Vivek Kundra
Raytheon BBN Developing Text Analysis Tools for DARPA (The New New Internet) Raytheon's BBN Technologies subsidiary is developing new tools for analyzing text and inferring meaning for a program sponsored by the Defense Advanced Research Projects Agency and the Air Force Research Laboratory. BBN said its scientists are also working on tools for finding relationships and anomalies in text for the Deep Exploration and Filtering of Text program
Northrop Wins $148M for North Pole EHF SATCOM System (Govconwire) Northrop Grumman (NYSE: NOC) has won a $148,313,460 U.S. Air Force contract to provide satellite communications services in the North Polar region. According to the Defense Department, the Enhanced Polar System control and planning segment aims to provide deployed forces in the region extremely high frequency protected satellite communications
'Almost' Stocks for Your Watchlist: CHKP, SHZ, and IMSC in Focus (SmallCap Network) Last but not least, though it's barely evident on the daily chart or the weekly chart, Check Point Software Technologies Ltd. shares are slowly but surely
Cipher Cloud Raises $30M From Andreessen Horowitz For Cloud Encryption Technology (TechCrunch) Cipher Cloud has raised a new $30 million round of funding from Andreessen Horowitz for its cloud application security technology. The investment follows a previous seed round from Andreessen for $1.4 million
Qualys Named Finalist in Five 2013 SC Magazine Awards Categories (MarketWatch) SC Magazine distinguishes the achievements of the security professionals in…The company is also a founding member of the Cloud Security Alliance (CSA)
BAE Systems Detica expands Australian operations (CIO Magazine) Cyber-security vendor BAE Systems Detica has expanded its operations in Australia with the hiring of Sydney-based managing director Richard Watson and
SAIC Plans To Lay Off 700 Employees (Washington Post) McLean-based Science Applications International Corp. said Tuesday that it plans to let go 700 employees - about half of whom are locally based - as the contracting giant seeks to cut costs to remain competitive in the federal marketplace
Mike Nefkens Named Permanent HP Enterprise Services Lead (Govconwire) Nearly four months after being named interim lead for HP Enterprise Services (NYSE: HPQ), Mike Nefkens has been promoted to head the business on a permanent basis, effective immediately. HP said Nefkens was also promoted to executive vice president, will report to HP CEO Meg Whitman and serve on the company's executive council
EMC names former VMware CEO head of new Cloud Foundry spinoff (Fierce Big Data) EMC is forming a new business unit with VMware's former CEO, Paul Maritz, as head. EMC will spin VMware's non-core businesses, including its Cloud Foundry platform-as-a-service, into a separate unit that will include Cloud Foundry, SpringSource, Gemstone, and EMC's "big data" product, Greenplum
Products, Services, and Solutions
GuruCul Launches Security Risk Intelligence Solution For NetApp Unified Storage Systems (Dark Reading) GuruCul's Risk Analytics platform now integrated with NetApp's Unified Storage Systems as part of its core Risk Analytics platform
Cylance Unveils Security Services Lines (Dark Reading) Presponse services predetect and solve complex security challenges
Aveksa Releases Version 6.0 Of Its Identity And Access Management Software Platform (Dark Reading) Aveksa 6 enables enterprises to standardize on a single, centralized database for all identity and access information
Tenable Rolls Out Vulnerability Management Solution For IPv6 (Dark Reading) SecurityCenter Continuous View designed to identify emerging threats and vulnerabilities
Sendmail and Mimecast partner on hybrid-cloud email security (Help Net Security) Sendmail and Mimecast announced a new partnership that provides additional enhanced options for integrating and configuring email management solutions, which are needed to meet hybrid-cloud email
Guidance Software unveils fast forensic bridge (Help Net Security) Guidance Software announced the Tableau T35u USB 3.0 forensic SATA/IDE bridge for forensic imaging in both lab and field environments. The T35u supports write-blocked, forensic acquisitions
LogRhythm launches automation suite for PCI (Help Net Security) LogRhythm announced its Automation Suite for PCI. The suite helps organizations maintain continuous compliance and lower the costs of meeting PCI regulatory compliance requirements
IAM solution for secure email on iOS devices (Help Net Security) Good Technology introduced Good Vault, built on the Good Trust mobile identity and access management (IAM) platform. Good Vault extends strong two-factor authentication and S/MIME security to Good's
Wireless LAN platform for mobile application delivery (Help Net Security) Aruba Networks announced a new wireless LAN platform that addresses the explosion of mobile applications and devices challenging enterprise networks, while dramatically reducing enterprise IT costs
Salesforce: Every Developer A SaaS Vendor (InformationWeek) Salesforce.com's Heroku unit is making it easier for Salesforce app developers to become SaaS vendors on their own
HP Debuts New Storage, Backup Systems, Cuts Prices (InformationWeek) HP's "largest storage launch ever" features new converged array family, backup and deduplication appliances, file-based storage for all size businesses
Microsoft Dynamics App Updates: What's Missing (InformationWeek) Microsoft's latest Dynamics AX, GP and CRM upgrades pack plenty of new features, but promised cloud, mobile and marketing options have been delayed
Evernote For Business: End Of Butt-Ugly Software? (InformationWeek) Evernote Business lets an organization deploy and manage the Evernote application on behalf of employees, extending information discoverability and sharing company-wide
Amazon introduces new 'Data Pipeline' tool (Fierce CIO: TechWatch) Amazon last week launched Data Pipeline, a tool designed to help users integrate data from disparate sources. Locations within AWS could include data stored within Redshift, DynamoDB or the Simple Storage Service. Redshift is Amazon's (NASDAQ: AMZN) cloud-based data warehouse, while DynamoDB is the company's NoSQL database implementation
Technologies, Techniques, and Standards
Stepping Up SMB Security To Satisfy Enterprise Customers (Dark Reading) When your company is the third-party vendor, improved security practices, transparency and independent reviews to prove your claims can go a long way toward winning enterprises embattled by attacks and the burden of compliance
Prolexic Recommends Combining Two Scoring Systems For More Accurate Analysis Of DDoS Threat Levels (Dark Reading) Recommendation and a detailed how-to guide is featured in new white paper
CIO Strategy: 5 Ways To Transform Your 2013 (InformationWeek) Take the reins in these key areas and you will win a place back at the big table in leading your company's technology efforts
Big Data Debate: End Near For ETL? (InformationWeek) Extract, transform and load processes are the backbone of data warehousing, but with Hadoop on the rise, some see a new way to transform data. Two experts share opposing views
Design and Innovation
Can Technology Make You Happy? (IEEE Spectrum) Yes, and it can make your office a better place to work, too. The unmanageable in-box, the cellphone and laptop that keep you electronically tethered to the office, the endless 30-second distractions from incoming e-mail and text messages. Sound familiar? The same advances in computers and telecommunications that have brought about tremendous gains in productivity have also made the work lives of professionals a misery
Code as a cultural artifact (IT World) A new book argues that a computer program is more than a collection of machine commands and has important stories to tell
NYC's Mayor Challenges Designers, Hardware Hackers, And Policy Buffs To Reinvent The Humble Payphone (TechCrunch) With cell phones as ubiquitous as they are (a recent report from the Pew Research Center purports that around 85% of American adults have one), it seems safe to say that the age of the pay phone is winding down
Europe Gets Its Entrepreneur Mojo Back With The Europas And Europioneers (TechCrunch) Europe is clearly switching its cultural gears. From saying how things can't be done, to saying how things can be done, our cultural mindset is changing, whether our politicians like it or not. The media might still be in the long grass of austerity, but here on the lawn, we're celebrating entrepreneurship. So today it's rewarding to see that a great event like The Europas, the annual awards for
Research and Development
Breakthrough by Macronix could result in SSDs with 100M write cycles (Fierce CIO: TechWatch) Taiwanese flash memory maker Macronix says it has found a way to dramatically boost the reliability of flash memory chips, whose reliability starts deteriorating significantly after 10,000 write cycles. The thermal annealing technique involves heating small groups of memory cells to 800 Celsius, which the company says is able to return damaged locations to their full capability
Research team wins $2.7 million award from DARPA (Fierce Big Data) Serious football fans may be holding their noses at Georgia Tech's Sun Bowl bid this week despite its losing 6-7 record, but the school's research team was likely dancing in the street when it received a $2.7 million award from the Defense Advanced Research Projects Agency, or DARPA, to develop technology to help meet the challenges of big data
Legislation, Policy, and Regulation
Syria not alone in spying on citizens (CSO) Repression like that in Syria is not happening now in the U.S., but the tools are in place
Hysteria over the UN's plan to 'regulate the internet' is a distraction from the real issue: money (Quartz) From Dec. 3 until the 14th, thousands of delegates from all 193 UN member countries are meeting in Dubai, behind closed doors, to decide the future of the internet. Every country has exactly one vote on the final form of the subject of debate, which is whether or not the International Telecommunications Union (ITU), a UN body, should be able to decide everything from who pays for internet traffic to how easy it should be for the world's worst regimes to censor that traffic
A Real Privacy Threat To Global Internet Users From The U.N. (ThinkProgress) The new standards outline requirements for Deep Packet Inspection (DPI) technology in future systems — a technique for snooping into the web content with
ITU Approves Deep Packet Inspection Standard Behind Closed Doors (Techdirt) The new Y.2770 standard is entitled "Requirements for deep packet inspection in Next Generation Networks", and seeks to define an international standard for
The UN takes up Internet regulation, privacy while IAPP discusses big data (Fierce Big Data) The United Nations began talks today in Dubai on rules that many worry will destroy the open Internet and eliminate privacy. The body is discussing whether or not a communications treaty is necessary to ensure investment in infrastructure to help more people access the net
Google's Media Campaign Against the UN Slapped Down (Forbes) Google has been a forerunner and one of the most outspoken companies in protecting the right to freedom of information and expression
Google: A Threat to Civil Liberties? (Defining Ideas) When it comes to regulating large tech companies, the government should proceed with caution. Part of the price that successful corporations pay for innovation is their exposure to increased calls for extensive government regulation. Those who call for such regulation claim that dominant firms, especially in modern high-tech industries, will be guilty of at least two forms of malfeasance. First, the firms will abuse their monopoly power—whose very existence is often in dispute—to extract huge profits from consumers. Second, the firms will acquire vast amounts of information that will then be used for improper purposes that pose a serious threat to both privacy and civil liberties
Litigation, Investigation, and Law Enforcement
The strange consequences of spying (CSO) An FBI agent puts spyware on his son's laptop and inadvertently catches the school principal viewing child porn
State agency cyber security gets bad marks, officials say (Greenvilleonline) State agency cyber security is rated low to very low by a group of agency chief information officers interviewed by the state's inspector general, according to a report issued today. The report, done in the wake of the massive data breach of the state Revenue Department, finds that 18 CIOs questioned by Inspector General Patrick Maley view the state's cyber security posture as less than adequate. On a scale of one to five, with five being high and one being very low, 15 of the CIOs rated statewide information security as either low or very low
Computer contractor sentenced for stealing source code from NY Fed (Finextra) A Chinese computer contractor has been sentenced to six months of house arrest after pleading guilty to stealing millions of dollars worth of source code from the US Federal Reserve Bank of New York. Bo Zhang, 33, was arrested in May and admitted downloading the code - used by the US Treasury to manage billions of dollars of daily transfers - to a portable hard drive and his home computer
Appeals court upholds FCC's data roaming requirements (Computer World) A U.S. appeals court has upheld the U.S. Federal Communications Commission's authority to require mobile carriers to enter into data roaming agreements with each other
District Court Grants Motion to Suppress After Government Uses 'The Shadow' to Locate Laptop Using Unsecured Wireless Network (Volokh Conspiracy) I recently blogged about a new Fourth Amendment decision on the use of "MoocherHunter" to find the location of an unauthorized user of a wireless network. Here's another case with a somewhat similar tool in which the facts led the District Court to grant the defendant's motion to suppress: United States v. Broadhurst, 2012 WL 5985615 (D. Or. Nov. 28, 2012) (Mosman, J.). In this case, an investigation into sharing of child pornography over peer-to-peer networks revealed ten different IP addresses in a particular neighborhood that were being used to share thousands of images of child porn. An investigation revealed that the ten IP addresses traced back to six residences that had unsecured wireless networks, suggesting that someone was sharing child porn by hopping on to the unsecured wireless networks in the neighborhood and using several different networks to hide the suspect's identity. To find out who was behind the conduct, the investigators turned to The Shadow. No, not that Shadow. Rather, a hand-held device that happens to be called the Shadow
For a complete running list of events, please visit the Event Tracker.
BayThreat (Sunnyvale, California, Dec 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
2012 European Community SCADA and Process Control Summit (Barcelona, Spain, Dec 10 - 11, 2012) The European SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the principal cyber security risks to control systems and the most effective defenses.
SANS SEC 504 - Hacker Techniques, Exploits & Incident Handling (Linthicum Heights, Maryland, USA, Dec 10 - 14, 2012) Rescheduled after Hurricane Sandy, this SANS Institute program provides information on how to recognize and respond to hacking.
tmforum Big Data Analytics Summit (Amsterdam, Netherlands, Jan 29 - 30, 2012) Bringing together leading service providers, market analysts and all of the big names in Big Data, this forward-looking, education-packed two-day Summit combines keynote perspectives, case studies, debates, panels, interactive sessions and networking opportunities that maximize every participant's opportunity to network and generate ideas that can be implemented immediately.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.