The CyberWire Daily Briefing 09.25.13

Cyber Trends

Cyber attacks will cause real world harm in next seven years (V3) New technologies such as Google Glass and IPv6 will lead to new, deadly forms of cyber attack if current manufacturing security practices continue, according to experts from Europol, Trend Micro and The International Cyber Security Protection Alliance (ICSPA)

Examining Korea's Rollercoaster Threat Landscape (Microsoft Security Blog) The last time I wrote about the threat landscape in the Republic of Korea, its malware infection rate had increased six-fold in the first six months of 2012. Korea has had one of the most active threat landscapes in the world for many years. According to the latest data published in the Microsoft Security Intelligence Report Volume 14, the last half of 2012 was no different. Figure 1 provides the raw number of systems that were disinfected in Korea and other relatively active locations in each of the four quarters of 2012

Spy agency reveals big increase in cyber attacks (Australian Financial Review) Foreign hacking attacks on government computer networks are rising sharply, while local intelligence chiefs grapple with how to modernise telecommunications laws to reflect changes that have been wrought by the internet. Australia's electronic espionage agency, the Defence Signals Directorate, told The Australian Financial Review the number of serious cyber attacks on government, that necessitated a "heightened response" from its Cyber Security Operations Centre, is up 39 per cent from 2012 and 205 per cent from the year before

Kaspersky Lab et Outpost24 découvrent des failles de sécurité (Informaticien.be) Les experts de Kaspersky Lab et Outpost24 ont récemment mené un audit de sécurité auprès de plusieurs organisations européennes. Ils ont examiné dans ce cadre la présence de vulnérabilités non corrigées, afin de mieux brosser le tableau de la sécurité (ou de l'insécurité) du paysage informatique

CISOs Struggle to Keep Up with Mobile and Social Networking Threats (InfoSecurity Magazine) Chief information security officers (CISOs) are in danger of succumbing to a knowledge gap when it comes to the vulnerability and attack landscape, particularly with respect to mobile and social technologies

Attackers sharpen skills: What that really means for CISOs (Help Net Security) Today, IBM is revealing the results of its X-Force 2013 Mid-Year Trend and Risk Report, which shows that Chief Information Security Officers (CISOs) must increase their knowledge of the evolving vulnerability and attack landscape, such as mobile and social technologies, to more effectively combat emerging security threats

Survey highlights ignorant IT behavior in the workplace (Help Net Security) You receive a strange email. It looks shady. You're probably being phished - a hacker is attempting to gain access to your enterprise. They must want to hijack your user name, password or credit card number. You click on the email anyway? That's the case for the nearly 1 in 5 (19%) U.S. employees working in an office setting who admit they have opened an email at work they suspected to be fake or a phishing scam — without notifying the IT department — according to the results of a survey by Harris Interactive

Concerns around insider threats escalate (Help Net Security) Vormetric announced the results of its "Insider Threat" survey, which surveyed more than 700 IT decision-makers. The study of mid-market and enterprise organizations indicates that 54 percent believe it is more difficult to detect and prevent insider attacks today than it was in 2011. Additionally, 46 percent say they are vulnerable to an insider threat attack - in spite of their existing security skills, resources, processes, and technologies

Cyber Security Insurance Only Goes So Far (IT Business Edge) In a recent study, The Ponemon Institute looked at an emerging strategy for mitigating cyber security risks: insurance policies. Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age (available for download with registration) found that 31 percent of its sample of risk managers and executives in a range of small and enterprise-size companies reported that they have "cyber risk" insurance

Widespread disregard for corporate cloud policies (Help Net Security) While most business professionals are worried about the security of cloud-based applications, they are not deterred from using them to store their personal and professional data, and they are not losing sleep over their data and information, according to a recent survey from SafeNet Labs

Post-NSA Revelations, Most Users Feel Less Safe (Dark Reading) Recent revelations of the National Security Agency's vast spying program has made users feel less secure, new data find

Three Top Cybersecurity Risks for Banks (American Banker) Cyber threats are increasing at a rapid rate and banks are going to have to work quickly — and spend significant resources — to keep pace, according to two top banking regulators dealing with the issue

NSA disclosures, mass shootings expose big data problem (FierceBigData) Sure, the government may know everything about us but it's still flailing about, trying to find a way to make that information actionable. Sound familiar? It probably does since most big data projects suffer the same challenge and therefore many practitioners and managers have seen this state of affairs before

How To Deploy the Most Effective Advanced Persistent Threat Solutions (FierceITSecurity) Traditional defense tools are failing to protect enterprises from advanced targeted attacks and the broader problem of advanced malware. In 2013, enterprises will spend more than $13 billion on firewalls, intrusion prevention systems (IPSs), endpoint protection platforms and secure Web gateways. Yet, advanced targeted attacks (ATAs) and advanced malware continue to plague enterprises

IBM X–Force 2013 Mid–Year Trend and Risk Report (IBM) As we look back at the first half of 2013, it is clear that successful tactics implemented by attackers continue to challenge enterprises to keep up with security basics

Legislation, Policy and Regulation

GCHQ and NSA outsourcing cyber security tasks to third–party vendors (V3) Government agencies such as GCHQ and NSA are outsourcing their requirements to private security firms to boost their cyber capabilities, according to F-Secure

Staatsveiligheid roept Britse collega's op het matje over spionage bij Belgacom (De Tijd) De Staatsveiligheid pikt het niet dat de Britse geheime dienst het computernetwerk van Belgacom zou hebben gehackt. De Britse 'bondgenoten' zijn op het matje geroepen, vernam De Tijd

How much influence can the UN have over online spying? (Ars Technica) "Brazil has 100 percent inconvenience, 0 percent security, and 0 percent privacy." It's not everyday that the Peace of Westphalia, which ended the Thirty Years War in mid-17th century Europe, is invoked when it comes to Internet policy

India Among Top 5 NSA Targets Alongside Iran, Pakistan And Above China, Russia, Brazil: Report (International Business Times) Among the countries that were subjected to prying by the National Security Agency, or NSA, India was one of its top five targets, and ranked above other BRICS bloc economies such as China, Russia and Brazil, which were also reported to have been under the scanner of the U.S. government agency

US Targeted Indian Diplomats with Sophisticated Bugs: Report (SecurityWeek) The US National Security Agency targeted the Indian embassy in Washington and the Indian UN office in New York with sophisticated surveillance equipment that might have resulted in hard disks being copied, a report said Wednesday

Brazil's President Tells U.N. That NSA Spying Violates Human Rights (US News & World Report) Brazil President Dilma Rousseff made the loudest criticism yet by a world leader against surveillance by the U.S. during her address on Tuesday to the U.N. General Assembly when she called for the multinational organization to regulate the Internet and prevent online abuses

Pakistan takes steps to protect itself from NSA-style cyber attacks (The News) In view of the recent wave of stealing of sensitive official data by US National Security Agency (NSA), the National Telecom & Information Technology Security Board (NTISB) has framed guidelines/ techniques for protecting government business from possible hacking and cyber attacks. "Recent wave of stealing the sensitive official data by US NSA has raised serious concerns warranting the implementation of all policies and guidelines in true letter and spirit," the Cabinet Division noted in a letter to all ministries, departments and divisions

Cancel data sharing deal with US, EU politicians urge (PCWorld) European politicians on Tuesday demanded that a broad data-sharing agreement between the U.S. and the European Union be suspended, following allegations that the U.S. National Security Agency illegally tapped banking data. The Terrorist Finance Tracking Program (TFTP) allows the U.S. Treasury to access some data stored in Europe by Swift, the international banking transfer company. But allegations that the NSA accessed this data without going through legal channels has led some members of the European Parliament (MEPs) to declare the agreement defunct

Tech rivals joining forces on NSA, immigration (Politico) They trash each other in the marketplace and sue each other in courts. But lately, tech companies and their leaders have been holding hands to fight for things they care about in Washington, from immigration reform to National Security Agency damage control

Sen. Patrick Leahy calls for end to NSA bulk phone records program (Washington Post) A senior U.S. senator on Tuesday called for an end to the National Security Agency's phone records collection program, arguing that it treads too heavily on Americans' privacy rights without having proved its value as a counterterrorism tool. In a speech at Georgetown Law's Center on National Security and the Law, Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) said he has introduced bipartisan legislation that would stop the controversial program, which allows the NSA to amass a database of Americans' call logs. He said he is working on a bill to address concerns about a separate program that collects the e-mails and phone calls of foreigners overseas, including their communications with Americans

Japan, U.S. to create cyber panel (Japan News) The Japanese and U.S. governments will create a new consultation framework in which defense officials of the two countries will discuss measures against cyber-attacks, government sources said

California gives teenagers an 'eraser button' to delete their web mistakes (Naked Security) Legislators in California are working to give teens more control over content they have posted on the web by giving them the ability to push the reset button on their social media profiles

California Enacts Poor Man's Right to be Forgotten (InfoSecurity Magazine) While California's tech giants lobby the European Union to weaken the proposed General Data Protection Regulation, especially the 'right to be forgotten,' their home state inaugurates its own admittedly more limited version

Parliament accused of turning "blind eye" to surveillance issues (ITProPortal) Tom Watson MP lambasts coalition government and shadow cabinet for failing to address surveillance issues

Shadow Home Secretary sets out anti-cybercrime plans at Labour Party conference (ITProPortal) Shadow Home Secretary outlines tough consequences for online offenders. The shadow Home Secretary Yvette Cooper has announced a crackdown on cybercrime during the last day of the Labour Party Conference

The FDA Needs to Regulate "Digital Snake Oil" (Slate) When Apple released the first iPhone in 2007, almost no one saw it as the seed of a medical revolution. But it may have been. Just a few years later, we now see phones that double as cardiac event recorders, blood glucose meters, and remote controls for blood pressure cuffs. Doctors can monitor labor and delivery remotely via smartphone. Quantified Selfers can track their bodies via digestible smart pills or stamplike skin sensors, or their brains via neuro headsets. Worried parents might soon consult mobile devices in the middle of the night or dress their infants in a smart onesie to monitor their breathing and sleep patterns

Products, Services, and Solutions

ZTE reveals plans for a new and improved Firefox OS smartphone, US launch expected first half of 2014 (TNW) Chinese telecommunications giant ZTE is planning a new-and-improved Firefox OS smartphone, a company executive said yesterday, except this time it will sport a dual-core processor, larger screen, and a better user experience

Look out, world! HP's found a use for Autonomy — rescuing Win XP bods (Register) Life-support switch-off deadline looms, wouldn't want anything to happen to your lovely data

Amazon' s Kindle Fire HDX: Power, with a Helping Hand (The Verge) The Kindle Fire tablets have always served primarily as portals to Amazon's massive troves of content. But this year, as the company introduces the new Kindle Fire HDX, Amazon tablets are on the precipice of becoming something much more powerful, and much more useful besides. Amazon's ready to compete on specs, on content, and on price — and it makes a compelling case in every respect

Egnyte Sports A New Look And Adds Security To Share The Most Sensitive Files (TechCrunch) Egnyte has a new look and with it a new platform that allows customers to share the most sensitive documents that historically file-sharing and storage services have not had the security in place to manage

IDS, NSM, and Log Management with Security Onion 12.04.3 (Internet Storm Center) This is a "guest diary" submitted by Doug Burks. We will gladly forward any responses or please use our comment/forum section to comment publicly. I recently announced the new Security Onion 12.04.3…What is Security Onion? Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes

Evaluating the IT security posture of business partners (Homeland Security Newswire) Evaluating the IT security of businesses is increasingly becoming a necessity when forming new business relationships. A start-up has launched a rating service, similar to a credit rating, to measure the security posture of a company based on a number of factors

LogRhythm Enters Network Forensics and NBAD Markets (BWW) LogRhythm, the leader in cyber threat defense, detection and response, today announced that it is entering the rapidly growing network forensics and network behavior anomaly detection (NBAD) markets with the availability of LogRhythm Network Monitor. Network Monitor significantly extends the accessibility of this critically important class of technology by being far more intuitive, expedient and cost-effective than traditional network forensics and NBAD solutions. Network Monitor eliminates significant blind spots plaguing most IT security organizations, allowing them to detect and respond to advanced threats and breaches faster and with greater precision than ever before

Rootkit detector for OS X (Help Net Security) ESET Rootkit Detector is a new security tool for OS X that scans for malicious kernel extensions attempting to change operating system behavior by hooking inside the OS. When the rogue kernel extensions hook inside OS X, they can bypass any security measure thus allowing complete access of system privileges

U.S. command in Afghanistan gives Army 60 days to fix or replace intel network (Washington Times) The Pentagon's main battlefield intelligence network in Afghanistan is vulnerable to hackers -- both the enemy or a leaker -- and the U.S. command in Kabul will cut it off from the military's classified data files unless the Army fixes the defects within 60 days, according to an official memo obtained by The Washington Times. The confidential memo says the Army's Distributed Common Ground System (DCGS) flunked a readiness test and does not confirm the sources of outside Internet addresses entering the classified database

BBJ unveils CyberBiz blog (BizJournals) "We've got a movement going here." With these words, Art Jacoby hooked me on Maryland's potential as a cyber security juggernaut

Northrop Grumman, U.S. Air Force Complete Warfighter Analysis Workshops for Air Operations Center Modernization Program (Wall Street Journal) The U.S. Air Force and Northrop Grumman Corporation (NYSE: NOC) have completed the third in a series of warfighter analysis workshops for the Air Operations Center (AOC) Weapon System (WS) modernization program. The workshops are part of the AOC WS rapid development and prototyping process that incorporates early user feedback to help reduce development costs and ensure operational success

General Dynamics Fidelis Cybersecurity Solutions Continues to Strengthen Threat Intelligence, Detection and Prevention (MarketWatch) Enhanced with a new real–time malware threat prevention application of YARA technology, Fidelis XPS(TM) helps customers reduce costs and downtime associated with threat remediation

Raytheon announces Suite B cryptography for cross domain access solution (Raytheon Trusted Computer Solutions) Raytheon Trusted Computer Solutions (RTCS), a wholly owned subsidiary of Raytheon Company (NYSE: RTN), today announced that Trusted Thin Client(TM), a commercial-off-the-shelf, enterprise-class, cross domain access solution, now utilizes Suite B cryptographic algorithms, providing the ability to meet the widest range of government information protection requirements. Trusted Thin Client is a cross domain access solution that enables access to multiple classified or sensitive networks, at various classification levels, from a single device

Microsoft Surface Tablet Details, Examined (InformationWeek) Surface 2 and Surface Pro 2 don't look much different than their predecessors but boast better chips and more battery life

Technologies, Techniques, and Standards

Is mobile anti–virus even necessary? (CSO) Experts disagree over whether or not there are any immediate threats to mobile devices that can be addressed with anti-virus software. Should you invest in AV for your smartphone or tablet

Why A Hardware Root Of Trust Matters For Mobile (Dark Reading) As the IT industry grapples with the security implications of mobile devices, some experts believe that one of the most important first steps it can take is to stop getting caught up in irrelevancies

Connecting The Dots With Quality Analytics Data (Dark Reading) Security analytics practices are only as good as the data they base their analysis on. If data simply isn't mined, if it is of poor quality or accuracy, if it isn't in a useable format or if it isn't contextualized against complementary data or risk priorities, then the organization that holds it will be challenged to scratch value out of analytics

5 Steps To Stop A Snowden Scenario (Dark Reading) No organization wants to believe one of its own could go rogue. But after being blindsided by the Edward Snowden leaks, even the highly secretive National Security Agency has been forced to overhaul its procedures to lock down just what its most privileged users can access and do with sensitive information

How the NSA cheated cryptography (Graham Cluley) Of all the revelations made by Edward Snowden, I find the recent one about Dual_EC_DRBG definitely the most intriguing and possibly the most shocking — even if it wasn't really news. It intrigues me because it is about elliptic curves. I love elliptic curves. I studied them quite extensively when I worked as a mathematician and although I don't use them anymore, I still feel a fondness for them

Python tools for penetration testers (Dirk Loss) If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them

Deloitte: Preparation key to networked device security (FierceHealthIT) Anticipation and preparation are key to mitigating the security and patient safety risks associated with networked medical devices, according to a new report from the Deloitte Center for Health Solutions

Apple Touch ID Fingerprint Reader Hack Heightens Biometrics Debate (Dark Reading) That didn't take long. The biometrics hacking team of the Chaos Computer Club (CCC) has defeated Apple's Touch ID feature, a fingerprint reader unveiled last week as part of Apple's announcement of the iPhone 5s. The move by Apple led some security experts to express hope that its adoption could lead to increased interest in biometric technologies among consumers. But CCC researchers say it's proof that fingerprint readers should be viewed skeptically

Apple Fingerprint Hack: A Great Reminder (InformationWeek) Apple's hacked fingerprint reader serves as a reminder to enterprise users: Be cautious about which two-factor mechanism you use. Of course it was just a matter of time before Apple's fingerprint reader was hacked. It's just impressive that the Chaos Computer Club did it quite so quickly. And it's a great reminder that using fingerprints as an authentication mechanism is simply a bad idea, especially in the enterprise

De–Serial Killer: Deserialization Perils (SecurityWeek) The root cause of many serious security incidents is some vulnerability in the implementation of the serialization-deserialization process. Just recently, such vulnerability was fixed in the WordPress application. Although these vulnerabilities can be extremely harmful, they seem to be less widely understood than the ones that involve direct user input. Therefore, this column is dedicated to taking a deeper look at them

Stop securing your virtualized servers like another laptop or PC (Tech Republic) Many IT managers don’t take the additional steps to secure their virtual servers, but rather leave them vulnerable to attacks with only antivirus software and data loss prevention packages. Here are the most common mistakes made and how to prevent them

Marketplace

DHS looks for veterans to fight cyber threats (Camp Lejeune Globe) The Department of Homeland Security is hiring veterans to join in their fight against cyber attacks on the nation's critical infrastructure and other vulnerable targets. No country, industry, or individual is immune to cyber attacks

Cyber Security Red Hot on Wall Street (Nasdaq) "If you give a man a fish, he'll eat for a day. If you teach a man to spearphish, he'll use your credit card to buy dinner!" This little tech joke speaks volumes about the impact of cyber threats in today's computer-dependent economy. Quite obviously, the financial industry is the worst affected by the rising menace of cyber crime

QinetiQ to Support SPAWAR with Software and Systems Engineering (GovConWire) QinetiQ North America has won a three-year, $10 million contract to develop and test various net-centric programs for the Space and Naval Warfare Systems Command Systems Center Atlantic. The QinetiQ Group plc subsidiary won the work under the Defense Information Systems Agency's ENCORE II contract, QNA said Monday

Will Twitter's IPO mark the top of a bubble? (MarketWatch) hough Twitter's upcoming IPO has rekindled worries that another dot-com bubble may be forming, the new-issue market actually is nowhere close to being as overheated as it was in the weeks leading up to the top of the internet bubble in March 2000

Twitter Deals Blow To Nasdaq's Tech IPO Dominance (Forbes) When Steve Jobs launched Apple AAPL +0.15%'s initial public offering in 1980, he chose to list his Silicon Valley computer company on Nasdaq. Apple sold its shares for $22 each, or $2.75 on a split adjusted basis. Six years later, Bill Gates took Microsoft MSFT -0.73% public on Nasdaq and ever since hot new tech companies have aligned with Nasdaq when it came time to make the big leap and become a publicly-traded company. In the 1990s, Netscape launched the Internet IPO on Nasdaq and companies like Google and Facebook continued the tradition

5 Reasons FireEye Antimalware Technology Is Overvalued By Wall Street (CRN) FireEye, which has been gaining attention for its white-hot antimalware detection system, was one of the most anticipated tech IPOs of 2013, and FireEye's IPO on Friday exceeded expectations. The Milpitas, Calif.-based security appliance maker valued its IPO at $20 per share, and Wall Street investors have embraced the company's stock. It ended its first day of trading with gains of 80 percent at $36.00 per share

Procera gets clear show of support (optionMONSTER Research) One trade apparently believes that any downside in Procera Networks will be limited for the next two months. optionMONSTER's tracking systems detected the

Alibaba Plans US Listing (Wall Street Journal) Alibaba Group Holding Ltd., China's most valuable e-commerce company, will hold its highly anticipated initial public offering in the U.S

AVAST Acquires Jumpshot (Dark Reading) AVAST will integrate and make Jumpshot's technology available to its users by end of year. AVAST Software, maker of the most trusted antivirus in the world, today announced that Jumpshot is now part of AVAST. Jumpshot's simple, clever solution optimizes customers' PCs in one easy step. The technology comes in the form of an animated team of minions who remove junk files, unnecessary toolbars, and files that slow down a PC's performance. The process of cleaning up and enhancing a computer's performance thus becomes effortless and entertaining. AVAST will integrate and make the technology available to its users by the end of the year

Enlightened Appoints Derek Smith as Director of Cyber Initiatives (Hispanic Business) Enlightened, Inc., an information technology (IT) consulting firm delivering Cyber Security, Systems Integration, and Management Consulting solutions, announced the appointment of Derek Smith as Director of Cyber Initiatives

Geritz's LifeJourney venture aims to foster STEM careers (BizJournals) Imagine being given the opportunity to "test drive" a career while still in school. Imagine going into college with a sense of direction, knowing what career path you already want to pursue. For Rick Geritz, founder and CEO of LifeJourney, the difficulty of knowing what's really out there makes it hard for students when deciding what they want to do in life. "Imagine walking into a restaurant and being handed a blank menu, or something that just says lettuce and meat. It's not an easy decision to make." For Geritz, children always respond to the question of, "what do you want to be when you get older?" with the usual lawyer, doctor or teacher

Research and Development

*ORA (CASOS) *ORA is a dynamic meta-network assessment and analysis tool developed by CASOS at Carnegie Mellon. It contains hundreds of social network, dynamic network metrics, trail metrics, procedures for grouping nodes, identifying local patterns, comparing and contrasting networks, groups, and individuals from a dynamic meta-network perspective. *ORA has been used to examine how networks change through space and time, contains procedures for moving back and forth between trail data (e.g. who was where when) and network data (who is connected to whom, who is connected to where…), and has a variety of geo-spatial network metrics, and change detection techniques. *ORA can handle multi-mode, multi-plex, multi-level networks. It can identify key players, groups and vulnerabilities, model network changes over time, and perform COA analysis. It has been tested with large networks (106 nodes per 5 entity classes).Distance based, algorithmic, and statistical procedures for comparing and contrasting networks are part of this toolkit

Security Patches, Mitigations, and Software Updates

Future Firefox to deactivate most plug–ins by default (C/Net) The Aurora test version of Firefox won't load browser plug-ins such as Silverlight and QuickTime unless the user grants permission — except in the case of Flash

Yahoo Will Offer 'Not My Email' Button To Report Mistaken Deliveries Due To Username Recycling (TechCrunch) Yahoo will begin offering a new 'Not My Email' button this week that gives owners of newly claimed, previously dormant, user names the ability to 'return' messages that were not meant for them. This is part of Yahoo's ongoing efforts to mitigate any potential harm that may come from its recent 'user name recycle program'. In order to continue providing

Multiple Vulnerabilities in Cisco Prime Data Center Network Manager (Cisco) Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others

Cyber Attacks, Threats, and Vulnerabilities

Chinese hackers increasingly attracted to the drone technology (Security Affairs) Intelligence agencies reveal that Chinese hackers increasingly attracted to the drone technology while Chinese drone industry grows like never before! The fact that Chinese hackers are most persistent collectors for sensitive information is not a mystery, more difficult to demonstrate the direct involvement of the PLA behind the operations of computer experts that systematically seek to unravel the secrets of Western companies and government organizations

Unofficial Android iMessage app can steal info and download malware (Help Net Security) Android users who have dreamed about being able to use iMessage, Apple's proprietary and free messaging solution, have been pleasantly surprised by the iMessage Chat for Android being offered for download on Google Play

Google yanks sketchy iMessage clone for Android from app store (ComputerWorld) An app that purportedly spoofed a Mac so that Android smartphone and tablet owners could send and receive text-like messages through Apple's iMessage service disappeared today from the Google Play app store

Major increase in Filecoder malware (Help Net Security) The ESET HQ malware research lab is reporting an unusual spike in the actvity of Filecoder malware - Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decrypting software. ESET LiveGrid - the company's cloud-based malware collection system - has shown a rising weekly number of Win32/Filecoder detections by over 200% since July 2013 from average numbers in January - June 2013. The most significant share of detections (44%) are from Russia, but a significant share is reported in southern Europe (Italy, Spain), Central and Eastern Europe (Germany, Czech Republic, Poland, Romania and Ukraine), and the United States

Filecoder: Holding your data to ransom (We Live Security) Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decryptor utility are nothing new: in fact, they have been around for several years. These "Filecoders", as we call them, are a prevalent category of ransomware, the other common type of ransomware being lockscreen scareware — ransomware that locks your desktop, displays a massage designed to look as it comes from local law–enforcement and, again demands a payment in order to regain access to your computer

Data Broker Giants Hacked by ID Theft Service (Krebs on Security) An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America's largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity. The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney

Newly launched E–shop offers access to hundreds of thousands of compromised accounts (Webroot Threat Blog) In a series of blog posts, we've highlighted the ongoing commoditization of hacked/compromised/stolen account data (user names and passwords), the direct result of today's efficiency-oriented cybercrime ecosystem, the increasing availability of sophisticated commercial/leaked DIY undetectable malware generating tools, malware-infected hosts as a service, log files on demand services, as well as basic data mining concepts applied on behalf of the operator of a particular botnet. What are cybercriminals up to these days in terms of obtaining such type of data? Monetization through penetration pricing on their way to achieve stolen asset liquidity, so hosts can be sold before its owner becomes

Researcher despairs of critical SIM flaws being fixed before attacks happen (Help Net Security) Two months have passed since researcher Karsten Nohl announced that he has found and managed to leverage critical flaws in the encryption technology used by some SIM cards, but the telecommunication companies are yet to react and fix them

Who rooted kernel.org servers two years ago, how did it happen, and why? (Ars Technica) More than two years after unknown hackers gained unfettered access over multiple computers used to maintain and distribute the Linux operating system, officials still haven't released a promised autopsy about what happened

Analysis of the FBI Tor Malware (Gareth Owen) The Tor network is an anonymising network that allows people to browse the web and access other services without being traced. As part of this network, there is the so called 'darknet', servers only accessible through Tor which host a variety of services from forums to e-mail. Whilst many of these services are innocent and aimed at those concerned about Human Rights abuses, the anonimity naturally attracts those with criminal intent such as the distribution of child pornography. It's then impossible for law enforcement agencies to trace the original IP address. In 2013, a piece of malware was found embedded in Freedom Hosting's darknet server that would exploit a security hole in a particular web browser and execute code on the user's computer. This code gathered some information about the user and sent it to a server in Virginia and then crashed — it had no obvious malicious intent that is so characteristic of malware. It was therefore theorised that the FBI, who have offices in Virginia, and who have 'form' for writing malware, may have authored it — this now appears to be true

Yahoo Recycled Emails: Users Find Security Surprises (InformationWeek) Some Yahoo users who took advantage of recycled IDs report they're getting emails intended for the old account holders — including personal data

iFruit Android apps for GTAV may contain malware (Webroot) Android users — Were you excited to see the iFruit app on the Google Play Store? Don't be! They are fake imitations of the iFruit app and may contain malware, according to a story by a computerandvideogames.com report

Mailbox.app Javascript execution (Michele Spagnuolo) Mailbox.app is a free email management application for iOS that offers very cool features to achieve Inbox Zero. The vulnerability: Mailbox.app executes any Javascript which is present in the body of HTML emails

jre7u21 and earlier Click–2–Play Warning Bypass integrating Exploit Kits (Malware Don't Need Coffee) A new variant of a "Kore-ish" Cool EK appeared few days ago. Yes…it's difficult to follow the EK fast moving landscape…No payload in the jar for that one

Fake Notification Spam From Social Networking Sites, iTunes Lead To Online Pharmacy (Trend Micro Threat Encyclopedia) Cybercriminals will always capitalize on the popular and the trusted, and this latest pharmacy spam campaign is no exception. In fact, it proves the theory in spades, as not only does it spoof popular social networking website email notifications such as Facebook and Instagram, it also spoofs iTunes, Google and Fedex

Siri offers the latest backdoor into your iPhone — just ask nicely! (Naked Security) We really didn't want to write another Apple iOS 7 story. But with reports surfacing that HAL's smooth-talking stepsister Siri lets you *talk* your way into a locked iPhone, we couldn't help it

Anonymous in Context: The Politics and Power behind the Mask (CIGI) Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been adept at magnifying issues, boosting existing -- usually oppositional -- movements and converting amorphous discontent into a tangible form. This paper, the third in the Internet Governance Paper Series, examines the intersecting elements that contribute to Anonymous' contemporary geopolitical power: its ability to land media attention, its bold and recognizable aesthetics, its participatory openness, the misinformation that surrounds it and, in particular, its unpredictability

Describe the Different Types of Cybercriminals. Which are the Most Dangerous? (Malcovery) When we speak about cybercrimes, such as phishing and malware attacks, we tend to lump cybercriminals into one category and operate under an assumption that they are all motivated to steal credentials that lead to some sort of financial theft. While those types of crimes do occur, it is important to distinguish between the different types of cybercriminals that comprise today's threatscape

NHC Healthcare Oak Ridge Admits Data Breach (eSecurity Planet) Patients' names, Social Security numbers, birthdates, home addresses and medical information may have been exposed

PLS Financial Acknowledges Security Breach (eSecurity Planet) Customers' names, addresses, e-mail addresses and Social Security numbers may have been accessed

Virginia Tech hack caused by human error, official says (Roanoke Times) The cyber-attack exposed sensitive information of about 145,000 job applicants at the university. Human error is to blame for a successful cyber attack on Virginia Tech's human resources department that exposed sensitive information of about 145,000 job applicants, a university spokesman said

Academia

University employee fired for inadvertently emailing student data (SC Magazine) An employee at San Francisco-based Atlius University was fired after an email containing personal data on nearly 200 enrollees was inadvertently sent to a student

Litigation, Investigation, and Enforcement

Highways Agency tracks Brits' every move by their mobes: THE TRUTH (Register) We better go back to just scanning everyone's number–plates, then? The Highways Agency, tasked with looking after England's motorways, buys data on Brits' whereabouts from mobile phone networks

Exclusive: Hundreds of U.S. security clearance records falsified, federal cases show (Reuters) Federal prosecutors have documented at least 350 instances of faulty background investigations done by private contractors and special agents for the U.S. Office of Personnel Management in recent years, illustrating what some lawmakers call systemic weaknesses in the granting of federal security clearances

Quality not a priority in security clearance process, GAO says (Federal News Radio) Concerns over missed red flags in Navy Yard shooter Aaron Alexis's background have thrust the federal government's security clearance program into the spotlight. That intensified last week when it was revealed that the same company, USIS, that performed a background investigation of National Security Agency leaker Edward Snowden had also performed Alexis' check in 2007

Obama's Favorite General Stripped of His Security Clearance (Foreign Policy) The Defense Department has stripped Gen. James "Hoss" Cartwright of his security clearance, depriving the man once known as "Obama's favorite general" access to classified data as the investigation into leaks of national security secrets continues

Metadata May Not Catch Many Terrorists, But It's Great at Busting Journalists' Sources (Foreign Policy) The National Security Agency says that the telephone metadata it collects on every American is essential for finding terrorists. And that's debatable. But this we know for sure: Metadata is very useful for tracking journalists and discovering their sources. Yesterday, a former FBI agent and bomb technician pleaded guilty to leaking classified information to the Associated Press about a successful CIA operation in Yemen. As it turns out, phone metadata was the key to finding him

Design and Innovation

African Accelerators Change Tack As 'Savannah Valley' Emerges From The Wilderness (TechCrunch) Kenyan accelerators, following mixed results from their rookie season, have tweaked their strategies for mentoring and investing in local entrepreneurs, in a bid to produce more successful startups. Accelerators 88mph and Savannah Fund are experiencing the growing pains felt by nascent, global startup ecosystems, attempting to transplant the popular investment model pioneered by

Internet's cherished spambot turns out to be just another human (Ars Technica) Horse_ebooks is real, and not real at all. A eulogy for the faux-faux account

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

2013 Cyber Security Summit (New York, New York, USA, September 25, 2013) The 2013 Cyber Security Summit connects executives responsible for protecting their company's critical infrastructure with innovative product, service and solution providers. The one day event, to be held September 25th at the Hilton in New York City, will showcase the latest tools and resources available to defend against cyber crime on both corporate and government levels. Keynote addresses and interactive panel discussions lead by notable security experts will highlight strategic priorities, risk factors, threats and provide inspirational guidance to prepare and protect from attacks.

4th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 25, 2013) GEN Keith Alexander, Commander of U.S. Cyber Command, Director of the NSA/Chief, Central Security Service and Dr. Pat Gallagher, Director, NIST are among the distinguished speakers confirmed to keynote at the 4th Annual Cybersecurity Summit on September 25, 2013 at the National Press Club in Washington, D.C.Michael Daniel, White House Cybersecurity Advisor, and Gen. Keith Alexander, Commander U.S. Cyber Command, and Director, NSA, are confirmed to keynote. Cybersecurity topics to be addressed include: the White House Cybersecurity Executive Order, the Cybersecurity Framework and New Emerging Standards for Critical Infrastructure, information sharing, mobile security and BYOD, legislative developments in cybersecurity, big data and cloud cybersecurity, continuous monitoring, cyber situational awareness, and the JIE rollout active defense and cyber warfare. Organized by Billington CyberSecurity™.

Information Security Conference (Charleston, West Virginia, USA, October 2, 2013) On October 2, the WVOT Office of Information Security and Controls, will be sponsoring a no-charge information and cyber security awareness event at the Charleston Civic Center. The agenda will offer an energizing morning of highly informative sessions. Free posters, calendars, bookmarks, and other security-themed items will be available. The event is open to the public, however registration priority will be given to public sector officials and employees.

The Monktoberfest (Portland, Maine, USA, October 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.

Suits and Spooks NYC 2013 (New York, New York, October 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state aggressors in cyberspace. About twenty speakers will present briefings over two days on hackers, citizen militias, and other non-state entities operating in the Middle East, China, Russia, Pakistan, India, Iran, Africa, South America, the United States (yes - we have non-gov threat actors domestically), and other parts of the world. One of our panel moderators will be Joel Brenner (former National Counterintelligence Executive at the Office of the Director of National Intelligence and former Senior Counsel at the NSA).

Forensics and Incident Response Summit EU (Prague, Czech Republic, October 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to make the most of this event from attending the Summit to registering for one or more of the post-summit training classes taught by SANS' top-rated instructors and course authors. Additional events such as DFIR Netwars, evening talks and the SANS Community Night will be taking place during that week too. This event promises to bring together the leading minds in digital forensics and incident response in the EU, as well as many other practitioners from a wide cross section of industries and company sizes. You will be able to share with all of them your challenges and find out new solutions that work, techniques and approaches you didn't even know existed.

CyberMaryland 2013 (Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for networking and idea sharing amongst the many cyber leaders and professionals across the country, including: federal, state and local government agencies, academic institutions, cybersecurity entrepreneurs, and industry leaders of research and development. CyberMaryland 2013 will address the biggest challenges facing America, including future innovation to meet the security challenges facing our country; collaboration across industry, government and educational institutions; and the development of a generation of cyber-warriors. Surrounding all of these issues is a constantly evolving business framework to provide efficient and effective solutions in a time frame that anticipates and mitigates current and future threats.

2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, October 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school, college, and professional. Orientation sessions for teams in each of three divisions -- high school, collegiate and industry and government professionals -- will be held at UMBC in July and August. Two qualifying rounds will be conducted online using SAIC's Cyber Network Exercise System.

AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, October 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo some of the latest cyber security and information technology products/services available today..

International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, October 10 - 12, 2013) International Conference on Cyber-enabled distributed computing and knowledge discovery -promotes research and development of the cyber-related technology. It is unique and significant that spans through cyber-enabled data mining and knowledge discovery, distributed and parallel computing, cyber security, cloud computing, pervasive computing, mobile computing, Internet, wireless networks, cognitive systems, cyber information process, information discovery, e-health via cyber network, e-science, web technology, and network performance and tools. The research and development in these areas have received extensive attention in both the academia and industry to provide ubiquitous services for users. Various hardware and software designs, algorithms, protocols, simulations, and test-bed, and implementations are developed for distributed computing in an interconnected and distributed network environment. The purpose of CyberC is to provide a forum for presentation and discussion of innovative ideas, research results, applications and experience from around the world as well as highlight activities in the related areas.

VizSec 2013 (Atlanta, Georgia, USA, October 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, October 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.

USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, October 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit topics will focus on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security..

SNW Fall 2013 (Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.

Hexis Exchange (Athens, Greece, October 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, October 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, October 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.

Securing the Internet of Things Summit (San Francisco, California, USA, October 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.

Cloud Connect (Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.

cybergmut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, October 22, 2013) CrowdStrike's Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.

Joint Federal Cyber Summit 2013 (Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands on live demonstrations, and industry exhibits.

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall..

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.

The CyberWire Daily Briefing for 9.25.2013