The CyberWire Daily Briefing 07.10.13

Cyber Trends

Cyber attacks hit 68% of Brazilian, Mexican firms - Kaspersky (Business News Americas) The business development service focuses on major projects, active companies, such as Kaspersky Lab; and business and sales contacts, providing networking opportunities with leading executives throughout Latin America. Tweet. To continue reading, take

More needs to be done to protect network devices (FierceCIO: TechWatch) Network devices are increasingly coming under attack, as the U.S. Emergency Alert System was found this week to be vulnerable to hijacking by remote attackers. In this case, application servers used to receive the emergency broadcast messages could be accessed by unauthorized users over the Internet--the result of improper SSH encryption key management--which inadvertently exposed it to the public

Searching for health info online? Beware of tracking (FierceHealthIT) There's yet another health privacy threat to worry about--health websites--as they share user search terms for advertising purposes, according to an article published online this week in JAMA Internal Medicine

Security dangers in big data mining (FierceBigData) The only time security is at the forefront in a big data project appears to be when the project is about security. Otherwise, security is most often an afterthought or done poorly. On the security front, big data projects are proving incredibly advantageous for security organizations, such as the NSA, and protection industries, such as the anti-virus, anti-malware producers. An example of how well these types of projects have done to affect security can be found in an eWeek article describing the big data visualizations from Japan's National Institute of Information and Communications Technology and its Daedalus Cyber-attack alert system

Mobile devices, cloud computing: What healthcare CIOs fear most (FierceMobileHealthCare) Although mobile apps that share files through the cloud are gaining in popularity in the consumer market, these apps can be unsafe in a clinical setting according to a recent study by the Ponemon Institute

Legislation, Policy and Regulation

Snowden's Leaks Puts National Security Agency In A Bind (NPR) It's been four weeks since Edward Snowden leaked secrets about government surveillance. On Monday, The Guardian newspaper released more of an interview with Snowden. His actions have stirred up a lots of issues for the National Security Agency

Five things Snowden leaks revealed about NSA's original warrantless wiretaps (Ars Technica) Looking through call records? It was actually the telcos' idea

5 stubborn leak myths (Politico) The continuing saga of former National Security Agency contractor Edward Snowden -- along with revelations of aggressive Justice Department prying into reporting by The Associated Press and Fox News -- has resulted in a string of congressional hearings

Comey defends surveillance programs but says he's open to more transparency (Washington Post) James B. Comey, President Obama's nominee to be director of the FBI, defended the National Security Agency's surveillance programs Tuesday as a critical tool for counterterrorism but said he would be open to more transparency with the secret court that

Privacy advocates call on government to rein in NSA (PCWorld) A U.S. government board focused on privacy and civil rights should push Congress to rein in the National Security Agency's mass collection of telephone records and Internet communications, privacy advocates said Tuesday. The U.S. Privacy and Civil

NSA ''spied' on most Latin American nations: Brazil paper (Reuters) The U.S. National Security Agency has targeted most Latin American countries in its spying programs, with Colombia, Venezuela, Brazil and Mexico ranking among those of highest priority for the U.S. intelligence agency, a leading

Costa Rica named among the countries spied on by US National Security Agency (Tico Times) Ticos woke up Tuesday morning to news that the "Switzerland of the Americas" has been the target of electronic surveillance by the United States National Security Agency. Costa Rican leaders responded to allegations later in the afternoon from the

US Government, Industry Fed up with Chinese Cyber Theft; What's Being Done? (PBS) For the first time ever, it's on the agenda at a biannual meeting of U.S. and China leaders this week in Washington. Those talks come amid suspicion that China is stealing intellectual property by hacking into computer networks of U.S. companies

Parliament and Civil Liberties Respond to NSA Surveillance (Infosecurity Magazine) While national executives, including the EU's executive (the European Commission) seem intent on downplaying the impact of the NSA's PRISM program (possibly because there is increasing evidence that the majority of larger European states are either involved with the NSA or have their own 'prism projects'), parliamentarians and civil liberties groups are being more proactive

IAEA Member Countries Facing Cyber Threats, Agency should do more, Says Iran (SPAMFighter) Iran has indicated to IAEA (International Atomic Energy Agency) a world establishment, which caters to maintaining nuclear energy usage in a peaceful manner, to do more for tackling cyber assault threats lurking on nuclear plants installed in countries that are members of the agency, published tehrantimes.com in news on July 2, 2013

Iranian PRISM revealed (Cyberwarzone) Yes - you are reading it right. Iran has its own PRISM program that allows the Iranian government to track each step that is made in the Iranian domain but it is not limited to the Iranian domain

FTC "Reclaim Your Name" proposal would give consumers power over data brokers (FierceBigData) Recently, big data became a household name when the NSA's use of it sparked a huge conversation over consumer privacy

Network neutrality key to health information exchange (FierceHealthIT) Network neutrality is central to planning for health information exchange, and potential regulation has implications for healthcare providers that use or provide services, according to research published at the Journal of the American Medical Informatics Association

Commission report wants action against agencies, ISI (International News) The Abbottabad Commission report has strongly criticised Pakistan's intelligence agencies for their failure in detecting Osama bin Laden (OBL) in the country for nine years, urging the political leadership to institute a mechanism for proper accountability of the agencies including the premier intelligence agency ISI

Products, Services, and Solutions

Super-scalable LDAP directory driven by big data (Help Net Security) Radiant Logic announced a commercial solution for distributed storage and processing for enterprise identity management. Based on Hadoop, this new highly-available version of the LDAP directory

Audit privileged access to Microsoft Online Services (Help Net Security) Xceedium announced Xsuite will include protection for Office 365, Exchange, Lync, and SharePoint. The additional protection for Microsoft online services complements Xsuite's existing hybrid-cloud security

SafeNet offers new cryptographic hypervisor for cloud migration (Infosecurity Magazine) Ushering in what it calls a "new era of elastic encryption", Maryland-based SafeNet has announced it is now offering what it believes is the world's first crypto hypervisor for multi-tenant, high-assurance key vaulting for cloud migration

Watchful's Advanced Information Protection Suite Is Integral in Three-Way Global Alliance to Protect Critical SAP-Based Information (Wall Street Journal) Watchful Software, a leading provider of data-centric information security solutions, will feature live demonstrations of its award-winning cybersecurity technologies at the Microsoft Worldwide Partner Conference (WPC) 2013 this week, July 8-11. The company will showcase how RightsWATCH and TypeWATCH prevent sensitive data from being disclosed inadvertently and unauthorized users from accessing your systems. Watchful Software is also announcing a global collaboration with SECUDE and Foxit Corporation to offer enterprises running on SAP a powerful end-to-end approach to protect business critical information regardless of its form or location

Kaspersky Lab Kaspersky Security 10 for Mobile v10 (SC Magazine) Coupled with excellent support and documentation, the product fits perfectly into its target market space of small to midsized businesses

Technologies, Techniques, and Standards

Controlling The Big 7 (Dark Reading) With limited resources, funding, and expertise, focusing on protecting the Big 7 applications will enable security professionals to reduce a large portion of their attack surface

How to Make Your Sandbox Smarter (RSA) Sandboxes are a great tool with two primary uses: A tool to assist malware analyst during their analysis and A first line security tool for Tier 1/Level 1 (T1/L1) analysts to help determine if a file exhibits malicious behavior and to rate the severity of an incident

Relying on Threat Actor Behavior Profiles Alone is a Great Way to get an Unwelcomed Outcome… (SecurityWeek) Over the past year, the buzz around tracking threat actors has been growing and in my opinion hitting the height of the hype cycle. I have had many conversations and debates with friends, colleagues and customers around what the industry is trying to accomplish by associating activity back to a specific cyber threat actor or actor group. I will share these thoughts and perspectives, but prior let us look at where the use of "threat actors" with reference to cyber originated

Wait — maybe JavaScript IS the top programming language (IT World) The ubiquitous language that's the "glue" of web pages tops some recent rankings of programming languages

What Unix can teach you about big data (IT World) Big data may be a tech buzzword of the moment, but Unix admins who need to hunt through logs to figure out what's going with their systems have been grappling with huge data sets for decades. Here are tips on command-line tools and techniques that can make sense of seemingly overwhelming data sets

Preventing Data Theft from Lost or Stolen Devices on Vacation (Kaspersky Labs) If there's one group of people who love vacation more than the vacationers themselves, its thieves. Tourists and travelers have always made easy marks for criminals, but now that everyone has — and travels with — smartphones and tablets, they are even more lucrative targets

Selecting a cloud provider starts with exit planning (Help Net Security) Let's begin with a story: The first day of the new week started very ordinarily and nothing indicated this was going to be a very long and tiring day for Sarah, a CIO of a large HR agency "Jobs Are Us". After she finished her breakfast, she headed to the office to attend the CEO staff meeting at 9am. Such meetings have been stifling, almost bordering on boring, but that was not going to repeat itself today

Identity and access management tips for proactive compliance (Help Net Security) N8 Identity announced eight tips for proactive compliance through identity and access management (IAM) best practices. These tips offer advice to organizations seeking to achieve continuous compliance

How cryptography is a key weapon in the fight against empire states (The Guardian) The original cypherpunks were mostly Californian libertarians. I was from a different tradition but we all sought to protect individual freedom from state tyranny. Cryptography was our secret weapon. It has been forgotten how subversive this was

Why data encryption may not always help (FierceCIO: TechWatch) The use of encryption has long been hailed as a way for businesses to secure their data for use in risky locations, such as in the cloud and elsewhere. While encrypting data is definitely better than not encrypting it, companies need to know that encryption doesn't magically make it invulnerable

NIST Seeks Guidance on Incident Response and Forensics (Threatpost) The federal government is looking for some help in figuring out how to respond to security incidents. As attacks continue to escalate against both government agencies and private enterprises, NIST is developing a set of standards for best practices in incident response and computer forensics

Below The Application: The High Risk Of Low-Level Threats (Dark Reading) In-memory attacks and rootkits may hit your systems below the OS. Here are some tips to help your defense. In all of the publicity around application attacks, cloud security and virtualization, many experts in the security field have let lower-level, more direct system attacks fall by the wayside. While there may be a reason to relax a little, given the huge leaps forward in network and computer system security, there are many good reasons to continue to pay special attention to these types of attacks

In the Public Cloud Era, Is Your Organization Keeping its Data out of Harm's Way? (SecurityWeek) In the era of the public cloud, when employees (aka insiders) are frequently using consumerized applications such as Dropbox, Box and Google Drive to share and store data, security and risk professionals are at a tipping point. It is time for them to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself

Marketplace

Europe Wants To Put $32B Into Reviving Its Hardware And Electronics Industries (TechCrunch) Europe has been focusing for a while on trying to revive its flagging hardware and manufacturing industries, and today the European Commission decided to put its money where its mouth is. It's proposing a new investment package worth ?25 billion ($32 billion) over the next seven years to drive more production and innovation in the areas of electronic components and systems design, including

Study: Bug bounty programs provide strong value for vendors (CSO) A study of Google's and Mozilla's browser bug programs shows it is money well spent

There's a 'giant market' for cyber-security firms (Louisville Biz Blog) In terms of tech, cyber security is the field to be in. At least, that's according to Joey Rivera, president of Sellersburg, Ind.-based Rivera Consulting Group

Secunia and VLC Get into Argument over Vulnerability (Softpedia) Secunia has decided to stop all collaboration with VLC and publish all VLC vulnerabilities as soon as they're found. The decision comes after the two sides got into an argument over the details of a vulnerability. According to Secunia, security researcher Kaveh Ghaemmaghami has identified a vulnerability in VLC 2.0.4 and has published its details on the Full Disclosure mailing list. He believed the vulnerability was a buffer overflow issue when parsing SWF files

Dell buyout drama far from over (FierceFinance) So is Michael Dell inching closer to winning over shareholders in his bid to take his company private? He would appear to have some momentum. Following the news that Institutional Shareholder Services (ISS) had thrown his heft behind the founder's offer, two other proxy advisory firms did so as well. Glass Lewis and Egan Jones publically stated their support of the deal, advising shareholders to vote in favor of it at the July 18 special vote

Sprint completes Clearwire acquisition after a long, bumpy road (VentureBeat) Major wireless carrier Sprint has finally completed its acquisition of wireless high speed provider Clearwire, the company announced today

Equifax acquires TrustedID (Help Net Security) Equifax has acquired TrustedID, which will become part of Equifax Personal Solutions, Equifax's direct-to-consumer business unit offering credit monitoring and identity protection solutions

Spying could undermine European trust in U.S. cloud firms, warns EU official (FierceITSecurity) Allegations of widespread U.S. government surveillance could undermine trust that European firms and organizations have in U.S. cloud providers, resulting in the loss of billions of dollars for U.S. firms, warned Neelie Kroes, vice president of the European Commission

PRISM Sends Swiss Hosting Companies a Windfall (Infosecurity Magazine) In the wake of the Operation PRISM revelations, some are saying that they're benefitting from corporate privacy fears. Swiss data hosting company Artmotion says that it has witnessed 45% growth in revenue since the US surveillance program was exposed

The Netherlands — land of data centers (LeaseWeb) When you would ask an average EU citizen how the Internet works and where most websites and cloud services are hosted, most people will mention the U.S. as the main source of Internet technologies and services. And when you would ask an EU politician about the Internet, his or her first emerging thought would be a concern about taps, privacy, or cybercrime

Lynn Martin Appointed VMware Public Sector Group Head (GovConWire) Lynn Martin, who joined VMware (NYSE: VMW) last year, has been appointed vice president of the U.S. public sector group. Martin will oversee a team responsible for helping federal, state, local and education customers adopt cloud computing and virtualization technology, VMware said Monday

Research and Development

Preparing For Possible Future Crypto Attacks (Dark Reading) Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

Documents Reveal How the NSA Cracked the Kryptos Sculpture Years Before the CIA (Wired) It took more than eight years for a CIA analyst and a California computer scientist to crack three of the four coded messages on the CIA's famed Kryptos sculpture in the late '90s. Little did either of them know it

Google patent: Background noise from phone calls could be used to target ads (GeekWire) You're attending a baseball game and call Google's 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google's system analyzes the background noise, takes into account your location, determines that you're at a ballgame and delivers related ads or links to your phone with sports scores and news

Security Patches, Mitigations, and Software Updates

Denial of Service Vulnerabilities Patched in Apache CXF (Threatpost) Apache has patched a denial of service vulnerability in the Apache CXF framework

Adobe, Microsoft Release Critical Updates (Krebs on Security) Patch Tuesday is upon us once again. Adobe today pushed out security fixes for its Flash and Shockwave media players. Separately, Microsoft released seven patch bundles addressing at least 34 vulnerabilities in Microsoft Windows and other software. At least one of the Windows flaws is already being exploited in active attacks

Adobe Security Bulletins Posted (Adobe PSIRT Blog) Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com. Today, we released the following Security Bulletins

Microsoft Security Bulletin Summary for July 2013 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for July 2013. With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification

Google Sets New 'Aggressive' 7-Day Deadline For Vendors To Reveal Or Fix Zero-Day Bugs Under Attack (TrendMicro CTO Insights) [Video at the link]

Microsoft's new app security rules dubbed a paper tiger (CSO) One analyst said he believes giving developers six months to fix an app, so as to not scare away developers, is excessive

Cyber Attacks, Threats, and Vulnerabilities

Cyberspies Posing As Hacktivists Waged Cyberattacks To Steal South Korean, U.S. Military Intel (Dark Seoul) Attackers long have used distributed denial-of-service (DDoS) attacks as cover for more nefarious hacking activity. But turns out the recent high-profile DDoS and data destruction attacks on major South Korean banks, media outlets, and other entities was also a glaring example of such subterfuge, as cyberespionage actors posed as hacktivists knocking websites offline and wiping hard drives--while in the background quietly stealing military secrets about South Korea and the U.S

Dissecting Operation Troy: Cyberespionage in South Korea (McAfee) South Korea was hit by a major cyberattack on March 20, 2013, at 2:00 pm local time. This cyberattack caused a significant amount of damage to the affected organizations by wiping the hard drives of tens of thousands of computers. McAfee Labs research provides further insight into the likely source of these attacks. Though not definitive, our analysis provides a much clearer picture. The research also indicates that there may have been two distinct groups, attacking different targets

Al Arabiya under cyber attack since Egyptian president's ouster (Al-Arabiya) Al Arabiya under cyber attack since Egyptian president's ouster. The attacks are aimed at slowing down publication of articles, downloading of pages and videos, and browsing speed at Al Arabiya websites

Cybercriminals spamvertise tens of thousands of fake 'Your Booking Reservation at Westminster Hotel' themed emails, serve malware (Webroot Threat Blog) Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they've received a legitimate booking confirmation. In reality through, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the campaign

Konami follows Nintendo as victim of illicit login attacks in Japan (CSO) The game company said accounts containing private data including addresses and phone numbers were accessed by attackers

"Google account hacked" text scam puzzles researchers (Help Net Security) A curious spamming campaign continues to target Google users via their mobile phones, and researchers still don't know what it actually does. First spotted back in March, bogus Google messages warn potential victims that their account has been hacked and asks them to send a message to that number when they are ready to verify their accounts

Data of 50K Michigan residents compromised after website hack (SC Magazine) A website hack led to the exposure of sensitive files of tens of thousands of people in Michigan

IRS exposed 'tens of thousands' of Social Security numbers in online slip-up (Daily News) The sensitive information was online for less than 24 hours, but the mistake is, nevertheless, another black eye for the beleaguered tax agency

'Priyanka' yanks your WhatsApp contact chain on Android mobes (The Register) If that really is your name, nobody wants to know you right now. A worm spreading through the popular WhatsApp messenging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm

Can Your Car's Computer Be Hacked By Terrorists? (Cheap Car Insurance) Cars have become rolling computers, with enough computing power to run the engine, brakes and play music and give you directions

California Bureau of Automotive Repair Admits Security Breach (eSecurity Planet) Smog check stations' bank account information may have been accessed. The California Bureau of Automotive Repair recently began notifying several California smog check station owners that their bank account numbers and bank routing numbers may have been accessed by an unauthorized individual

Morningstar Provides (some) Information About Breach (Infosecurity Magazine) Morningstar Inc, an investment research firm, has disclosed a breach that compromised 2300 credit card details and possibly 182,000 user names and passwords; but the company has provided little additional information

Government reveals cyber-attack alarm leading up to London Olympics (Infosecurity Magazine) When the NSA's surveillance program was first revealed by Edward Snowden last week, initial reaction was that it was a US issue. But with the realization that the greater part of the world's internet traffic is at some point routed via the US, the

Could a terrorist cyber attack set off World War 3? (Mirror.co.uk) That is the terrifying question faced by the West's intelligence agencies every day, and it was thrown into sharp relief by yesterday's revelation that Islamist terrorists attempted a cyber attack on the London Olympics. They planned to disrupt the

Did brainless flaw in US Emergency Alert System lead to epic zombie attack warning? (Naked Security) Emergency broadcast systems come packed with vulnerabilities, the most severe of which is the public disclosure of the default private root SSH key, a security firm has disclosed. Such flaws well may have been at the heart of a warning about the zombie apocalypse that proved, at the very best, to

No wonder China is worried about Android--the NSA helped write its source code (Quartz) Google's Android smartphone operating system uses source code contributed by the US National Security Agency. Especially in the post-Edward Snowden era, that's a red flag for Beijing, and helps to explains why China has been so eager to encourage the growth of non-Android smartphones within its borders

Google Android Vs. Apple iOS: The Mobile App Privacy War (Dark Reading) Using their Clueful app, researchers at BitDefender examined how apps for Android and Apple's iOS treated private data such as location information and contact lists. What they found may seem startling - of the 207,843 free applications for iOS

Free apps dubbed the "modern equivalent of spyware" (ITProPortal) Internet security firm Bitdefender has warned that the advertising framework used by free mobile apps is turning the software into the "modern equivalent of spyware" that can monitor users throughout the day. The company made the conclusion after

Who's Behind The Styx-Crypt Exploit Pack? (Krebs on Security) Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service

McAfee notes examples of organized cyber criminal services (SC Magazine) An interested consumer of cyber crime is not that different than, say, someone who wants to build a pool in their backyard. Rather than dig the hole themselves and fill it with water and chlorine, it's much easier to hire someone to do the work for them

What will it take to get you into a nice exploit kit? (FierceITSecurity) Cybercriminals are no longer lurking in the Internet shadows and hawking their wares in underground forums. They have come out in the open, advertising their exploit kits as "stress-test platforms," observed security researcher Brian Krebs on his Krebs on Security blog

Academia

$3000 cyber security course for free (Whatech) IT Masters and Charles Sturt University are offering, free, a six week online course designed to prepare students for the Certified Information Systems Security Professional (CISSP) Security Certification that is comparable to other online courses that can cost up to $3800

Maryland Cyber Challenge opens for 'aspiring cyber warriors' (MDBiz News) Teams must then pass two qualifying rounds conducted online by SAIC's Cyber Network Exercise System. In conjunction with the CyberMaryland2013 Conference

Filipino wins in Kaspersky Lab contest (Rappler) A student from the University of the Philippines Diliman wowed the judges of Kaspersky Lab's international youth competition, "Cyber Security for the Next Generation (CSNG) 2013" held in London last June

Imperial College, Huawei team to develop new big data technologies (FierceBigData) The London-based Imperial College and China-based telecom supplier Huawei inked a deal to develop a new big data R&D center at the old BBC site in London, reports ComputerWeekly

Litigation, Investigation, and Enforcement

Snowden Seen as Whistle-Blower by Majority in New Poll (Bloomberg) A majority of U.S. registered voters consider Edward Snowden a whistle-blower, not a traitor, and a plurality says government anti-terrorism efforts have gone too far in restricting civil liberties, a poll released today shows

Snowden Agrees to Asylum in Venezuela: Top Lawmaker (SecurityWeek) Fugitive US intelligence leaker Edward Snowden, who has been holed up in a Moscow airport for more than two weeks, has agreed to an offer of asylum from Venezuela, a top Russian lawmaker said on Twitter on Tuesday before removing the post

Facebook troll jailed over threat to kill US schoolchildren (The Guardian) Briton Reece Elliott sentenced to 28 months for messages that resulted in lockdown of schools in Warren County, Tennessee

Judge Orders U.S. to Release Aaron Swartz's Secret Service File (Wired) A federal judge in Washington, D.C. on Friday ordered the government to promptly start releasing thousands of pages of Secret Service documents about the late activist and coder Aaron Swartz, following months of roadblocks and delays

Witness: No Harm To US From Leaked Gitmo Files (Yahoo.com) Secret threat assessments of Guantanamo Bay detainees that Pfc. Bradley Manning gave to WikiLeaks did not harm national security, a former chief prosecutor at the U.S. detention facility in Cuba testified Tuesday

Finjan Holdings Subsidiary Files Patent Infringement Lawsuit Against FireEye (Dark Reading) Complaint alleges infringement of Finjan patents relating to endpoint, Web, and network security technologies

Design and Innovation

Qualcomm: We need more standards to unlock the potential of "digital sixth sense" (VentureBeat) Our smartphones and tablets are filled with a slew of sensors -- things like gyroscopes, light sensors, and GPS -- but for the most part, they're all treated differently within every mobile platform. That makes it tough for developers to utilize those sensors, compared to standards-driven technology like Bluetooth

Watch Out For The Balkans (TechCrunch) We're fifty kilometers outside of Ljubljana, Slovenia, in Bled Castle, overlooking a clear blue mountain lake, a set of gilded clouds scudding overhead and the sun is shining bright over miles of untrammeled forests. On the water below tiny swimmers look as if they're floating in thin air, arms and legs swinging, making ripples in something invisible