The CyberWire Daily Briefing for 11.7.2013
The Microsoft Office zero-day, reported and hastily mitigated with workarounds this week, is exploited in the wild, both in Citadel campaigns and targeted attacks.
Google's webcrawler, innocent in itself, is linked to SQL injection attempts. Rapid7 reports seven Super Micro IPMI firmware zero-day vulnerabilities. Cyber criminals embed malware in RTF files distributed as attachments to emails with spoofed sender addresses.
In the US, a denial-of-service tool targeting Healthcare.gov is found. In the UK, National Health Service systems suffered significant outages from "misfiring" anti-virus software.
Forbes notes the a priori dangers involved in USB charging.
Cisco patches telepresence product vulnerabilities. Twitter closes account-hijacking holes.
The airline industry undertakes steps to secure itself from cyber attack as reservation and boarding systems, with related airport infrastructure, become popular targets.
Gulf States foresee surging attacks on oil and gas companies.
Two broad cyber trends may be summed up: (1) lack of anonymized reporting inhibits intelligence sharing, and (2) reverse-engineering depends on expensive labor; a strategic shift toward automation is needed.
In industry news, CyberPoint announces an agreement to acquire high-end engineering firm Bitmonix. Barracuda's shares surge in their IPO.
BeehiveID promises an end to sockpuppetry. Thales and IBM partner on BYOK (bring-your-own-key).
Estonia's experience in the first cyber war holds lessons for the future. MI-5, MI-6, and GCHQ chiefs answer Parliamentary questions on surveillance. Naming and shaming of Chinese cyber operators seems not to inhibit the PLA. Emerging consensus: NSA didn't evade oversight, but the nature and quality of that oversight may be problematic.
Today's issue includes events affecting Australia, Denmark, Estonia, Germany, India, Iran, Israel, Italy, Japan, Republic of Korea, Nigeria, Pakistan, Singapore, South Africa, Spain, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Microsoft zero-day was used in Citadel Trojan campaign, as well as targeted attacks (Graham Cluley) Researchers at FireEye say that they have uncovered evidence that the recently-announced Microsoft zero-day vulnerability is not just being used in targeted attacks, but also has been used in wider financially-motivated malware campaigns
Deciphering Microsoft Security Advisory 2896666 on Word zero-day exploit (InfoWorld) The straight story on Microsoft's uninformative, poorly worded security advisory about attacks delivered via a bug in the TIFF codec shipping with Office
Google's web crawler linked to SQL Injection attempts (CIO) In a recent blog post, Daniel Cid, CTO of Sucuri, a company that provides website security monitoring and related services, published details of a recent SQL Injection attempt. That in itself isn't anything major, since SQL Injection attempts happen quite frequently, but the source of the attempt certainly raises some eyebrows: it was Googlebot
Seven IPMI Firmware Zero Days Disclosed (Threatpost) A number of previously unreported vulnerabilities in Super Micro IPMI firmware were disclosed today that could put servers at hosting providers at risk
Malware peddlers testing new infection techniques (Help Net Security) An ongoing malicious spam campaign impersonating UPS has shown that malware peddlers are experimenting with different approaches for infecting hapless users, and additional recent spam campaigns have
Denial-of-service tool targeting Healthcare.gov site discovered (Ars Technica) Hacktivist software designed to put a strain on struggling Obamacare website
Lunarline CEO Addresses HealthCare.gov Security Concerns on NPR Morning Edition (Sacramento Bee) Lunarline CEO Waylon Krush recently addressed HealthCare.gov security concerns as a guest on NPR Morning Edition
Dodgy Kaspersky update borks THOUSANDS of NHS computers (The Register) A misfiring antivirus update from Kaspersky Lab "effectively levelled several networks" last month, including systems at Britain's NHS, The Register has learned
Cybercrime gangs seek victims in untapped markets (Help Net Security) A record number of brands were targeted by phishers in the second quarter of 2013, according to APWG. A total of 639 unique brands were targeted by phishing attacks in the period, topping the previous
Cybercriminals opting for real-time malware campaigns and phishing (Help Net Security) The third quarter of 2013 saw further use of real-time malware campaigns and a dramatic increase in phishing sites, according to Commtouch
Most visits to a login page are made by malicious tools (Help Net Security) Incapsula surveyed 1,000 websites over a 90-day period, during which we recorded over 1.4 million unauthenticated access attempts and 20,376 authenticated logins
Power Over USB (Forbes) I've been reading about enhancements to the USB 3.0 standard that would allow a USB cable to provide up to 100 watts of power…But I have one concern that I haven't seen addressed in the press. Of course USB cables carry both data and power. So, when you plug your device into a USB distribution system, whether it's a laptop or phone, you're plugging it into a network
Estonian Art Museum website down for second day after cyber attack (Baltic Course) The Estonia Art Museum (KuMu) website was cyber-attacked Tuesday afternoon, after which KuMu closed its homepage and hasn't still relaunched it, LETA/Postimees Online reports
Peoples Trust Hacked (eSecurity Planet) Customers' names, phone numbers, e-mail addresses, birthdates and Social Security numbers may have been accessed
Anonymous Hackers Launch Operation Against Bullfighting (Softpedia) Anonymous hackers have launched a new campaign against bullfighting. The operation, dubbed OpTorosSiTorerosNo (Spanish for "Bulls Yes, Bullfighters No") will start on November 11
Security Patches, Mitigations, and Software Updates
Cisco Fixes Blank Admin Password Flaw in Telepresence Product (Threatpost) Cisco has patched a number of vulnerabilities in several separate products, including a serious remote code execution flaw in its Wide Area Application Services Mobile software that could allow an attacker to take complete control of a vulnerable device
Twitter Fixes Bug that Enabled Takeover of Any Account (Threatpost) Security researcher Henry Hoggard recently discovered a cross site request forgery (CSRF) vulnerability in Twitter's "add a mobile device" feature, giving him the ability to read direct messages and Tweet from any account
Airline Industry Swooping in to Prevent Cyberattacks (Aviation Pros) Worried that computer hackers attacking banks and media companies could easily shift targets, the airline industry is taking preemptive steps to ensure it doesn't become the next victim…"The aviator guys are getting together because they see what's going on in every other sector," said Paul Kurtz, chief strategy officer for computer security firm CyberPoint International
IATA issues aviation cyber attack warning (TravelWeekly) Aviation is potentially vulnerable to cyber attack as it faces new computer-based security threats, Iata has warned
Cyber attacks against oil and gas infrastructure will cost companies $1.87 billion by 2018 (Zawya) One of the most important trends affecting the Oil & Gas industry is cyber security; a recent ABI Research study predicted that cyber attacks against oil and gas infrastructure will cost companies $1.87 billion by 2018
Cyber war targets Middle East oil companies (Business Recorder) Middle Eastern oil and gas companies have been targeted in massive attacks on their computer networks in an increasingly open cyber war where a new virus was discovered just this past week. The United States and Israel, believed to be behind the first cyber sabotage campaign that targeted Iran's nuclear programme, are now worried about becoming targets themselves
Survey Finds Enterprise Data Breaches Are Significantly Underreported (eSecurity Planet) 57 percent of enterprise malware analysts say they've investigated or addressed a data breach that was never disclosed by their company
Firms Lack Malware Analysis, Incident Response Expertise: Study (CRN) Targeted attacks that use custom malware and other techniques to dupe traditional security software such as antivirus can be detected with advanced threat detection technologies, but most firms lack the skilled security expertise to follow up with analysis and incident response when a threat is detected
Cyber security losses remain unknown (BusinessTech) Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there's no clear idea what the total losses are because few will admit they've been compromised
Why have there been so few African companies buying specific cyber insurance cover? (BusinessDay) Nigeria is one of the most technologically advanced countries in Africa; indeed, its mobile banking technology is far more advanced than most, with "Mobile Money" set to see ever-increasing use. With such technologies come increased risks of cyber crime and data theft. A Nigerian Data Protection Bill is being considered, but at present no relevant legislation is in force
Cyber spying risks the future of the internet: Eugene Kaspersky (The Age) Cyber espionage between nations has reached such damaging levels it risks not only the trust between friendly countries, but the future of the internet itself
Employees stuck with unauthorized file sharing services (Help Net Security) Most employees (81%) access work documents on the go. Yet in the absence of an enterprise-grade file sharing alternative, 72% are resorting to unauthorized, free file-sharing services
Bruce Schneier wants to make surveillance costly again (PCWorld) The ongoing revelations of governmental electronic spying point to a problem larger than National Security Agency malfeasance, or even security weaknesses. Rather, the controversy arising from Edward Snowden's leaked documents suggests we face unresolved issues around data ownership, argued security expert Bruce Schneier
Experts warn of risk to cloud storage amidst growing cyber threat (Technews) With more businesses storing their crucial data on virtual spaces, security experts have reportedly warned that with lack of security measures, the cloud data is as prone to cyber attack risk as any other data
CyberPoint International Acquires High-End Engineering Firm Bitmonix (Bloomberg Business Week) CyberPoint International, LLC, a global provider of cyber security services, solutions, and products, announced today that it has made an agreement to acquire the high-end engineering firm Bitmonix. Serving customers in the Greater Baltimore Metropolitan region, Bitmonix has developed a reputation for technical and performance excellence in the areas of cryptographic systems engineering, system security, and data analysis. With this acquisition, CyberPoint welcomes a like-minded, passionate, and experienced team of engineering professionals to its ranks. The acquisition also broadens CyberPoint's customer footprint in the government and commercial marketplace
Cyber security company Barracuda's shares soar in debut (Reuters) Shares of Barracuda Networks Inc, a data storage and internet security company, jumped as much as 32 percent in their debut, underscoring a growing interest in the red-hot cyber security market
Twitter Flies On Its First Day As A Public Company: Shares Pop 73% On First Trades, Debuts At $45.10 And $31B Valuation (TechCrunch) From a humble beginning as a failing podcast startup to an online conversation service now used by over 230 million people worldwide, Twitter today started its first day of trading as a public company with a bang. Trading on the NYSE as $TWTR, the stock opened up at $45.10, a pop of 73% on the price of $26 that it set yesterday. The pop values the social network at $31 billion, on fully diluted
CSC, Trend Micro Enter Global Cyber Intell Partnership (ExecutiveBiz) Computer Sciences Corp. and Trend Micro Inc. have forged an alliance that will provide global customers an intelligence technology that works to protect enterprise data and computer systems
Sequestration cut $4 billion from intelligence budget in fiscal 2013 (FierceGovernment) Sequestration cut an already-declining intelligence community budget by more than $4 billion in fiscal 2013, recently released statistics from the Defense Department and the National Intelligence Director show
Kaspersky: "We detect and remediate any malware attack," even by NSA (Ars Technica) Firm responds to EFF question about AV cooperation with government surveillance. Antivirus provider Kaspersky has designed its products to detect all malware, even if it's sponsored by the National Security Agency or other government entities under programs espoused to target terrorists or other threats
Eric Schmidt's outrage at the NSA: The pot calling the kettle black? (ComputerWorld) Google chairman Eric Schmidt's concern for citizen privacy following reports that the National Security Agency (NSA) may have broken into the company's data streams is ironic considering the Internet giant's own spotty record on privacy
Terry DiVittorio Appointed KCG Cybersecurity VP (GovConWire) Terry DiVittorio, formerly a director for Blue Canopy's cybersecurity business unit, has joined Knowledge Consulting Group as vice president of cybersecurity strategy and solutions development. The more than 20-year industry veteran will be charged with developing strategies to grow KCG's portfolio of network defense, incident response and security offerings, KCG said Monday
Products, Services, and Solutions
SafeToGo USB 3.0 hardware encrypted flash drive released (Help Net Security) Cardwave has partnered with BlockMaster to produce the next generation of highly secure USB 3.0 compliant flash drives. The new device will typically work at 2 to 3 times faster than a conventional
Dear Internet bots and sockpuppets: Your days are numbered (IT World) BeehiveID analyzes your social media accounts to figure out who's fake and who's real on the Web
Thales Helps Microsoft Launch BYOK (Bring Your Own Key) (Dark Reading) Unveils cloud-based digital rights management system
Technologies, Techniques, and Standards
Protecting Your Enterprise From DNS Threats (Dark Reading) Attacks via the Internet's Domain Name System may seem out of your reach, but there are ways to prevent them
Introduction: ICANN's Alternative Path to Delegation (Part 1 of 4) (CircleID) As widely discussed recently, observed within the ICANN community several years ago, and anticipated in the broader technical community even earlier, the introduction of a new generic top-level domain (gTLD) at the global DNS root could result in name collisions with previously installed systems
Estonia: To Black Out an Entire Country — part one (Infosec Institute) The cyber-attacks that befell Estonia in 2007 are a case much discussed and underrated at the same time. Many tend to ignore the eloquent fact that this incident represents the first time an entire country's information defense systems and resources were put to the test. Moreover, according to the rumors, Estonia was attacked by foreign entities, which under some circumstances may qualify this little cyber-offensive as a use of force, or even an armed attack, pursuant to the UN Charter
Hypervisor-based, hardware-assisted system monitoring (Help Net Security) In the last few years, many different techniques have been introduced to analyse malicious binary executables. Most of these techniques take advantage of Virtual Machine Introspection
U.S. Government Releases Proposed Cybersecurity Framework (InfoToday) The Obama administration is taking public comments on a proposed framework for improving cybersecurity in communication and other critical industries. In late October, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework as a significant element of an administration-wide directive to respond to cybersecurity threats. The framework is intended to provide government, businesses, and industries with a series of cybersecurity standards, references, and best practices to identify, protect against, respond to, and recover from cybersecurity attacks
'123456' may be an adequate password to protect nothing (Virus Bulletin) Are we giving users the right kind of advice when it comes to password security? A recent data breach at Adobe has shown once again that a lot of users choose the most trivial of passwords to protect their online accounts. But is this really what we should be focusing on?
Research and Development
Countering click spam: Researchers test new algorithm to detect, combat fraudulent clicks online (Phys.org) When is a click not a click? When an advertising network registers a click on one of their online advertisements, how can it be sure that a single consumer – a "pair of eyeballs" in Madison Avenue jargon – and not a malware computer program, is behind that one click? Or that the viewer's click was intentional, not induced by deceptive or misleading advertising
US intelligence agencies losing their technological superiority (South China Morning Post) A US congressional panel created long before the recent revelations about government electronic spying operations issued a blistering report charging that the intelligence world's research-and-development efforts are disorganised and unfocused
Prototype Encrypts Data Before Shipping It To The Cloud (Dark Reading) 'CloudCapsule' shields file contents from the OS, malware, and the cloud provider. Researchers at Georgia Tech have built a prototype that encrypts files before they are sent to the cloud for storage
University of Montana opens new big data cyber security courses (FierceBigData) The University of Montana is starting courses in cyber security using big data in its new Cyber Innovation Laboratory funded by a $500,000 grant from the National Science Foundation and another $40,000 from local technology companies
Special agent talks to junior high students about cyber safety (Watertown Daily Times) A special agent who handles electronic crimes such as child exploitation had some words of advice Tuesday for seventh-grade students at J.W. Leary Junior High School: It's a scary cyberworld out there, so be careful
Cybersecurity Competition's Sixth Season Kicks Off To A Larger Playing Field (Satnews) The Air Force Association announced today that CyberPatriot, the National Youth Cyber Defense Competition, has drawn 1,566 teams for its sixth season of competition, representing a nearly 30 percent growth from last year. This year, teams represent all 50 states, the District of Columbia, Puerto Rico, Canada, and U.S. Department of Defense Dependent Schools in Germany, Italy, The Republic of Korea, and Japan
Legislation, Policy, and Regulation
China military hackers persist despite being outed by U.S. — report (Reuters) The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions, a U.S. computer security company and congressional advisory panel said on Wednesday
UK spy chiefs to be quizzed in public for first time, on Snowden (Chicago Tribune) Britain's intelligence chiefs will give their first ever public testimony on Thursday when they are cross-examined together in parliament about the case of former U.S. spy agency contractor Edward Snowden
Spy agency chiefs defend surveillance (The Guardian) The appearance of MI5's Andrew Parker, MI6's Sir John Sawers and GCHQ's Sir Iain Lobban before the intelligence and security committee has come to an end. Here are the key points
Spanish political parties 'happy' with spy chief explanation of allegations of US surveillance (Washington Post) Spanish political parties say they are happy that Spain's secret service is operating lawfully, but are still waiting for the United States to provide explanations for allegations that its National Security Agency carried out surveillance in the country
Apple just revealed Germany's conflicted attitude to privacy (Quartz) It's been a strange couple of weeks for Germany. After revelations last week that American spies had been tapping Angela Merkel's phone, news emerged over the weekend that Germany was pushing to have data protection rules included in the Transatlantic Trade and Investment Partnership (TTIP), a trade deal between the United States and the European Union. Even the most ardent supporters of strict data protection rules realize that this is a bad idea…Yet for all Germany's posturing about privacy, it is also one of the leading countries requesting user data from big tech firms
Intelligence officials argue for bulk telephony metadata (FierceGovernmentIT) Intelligence officials pushed back against proposals to end the bulk storage of telephony metadata, telling a Nov. 4 oversight panel that limiting metadata collection to cases when the records can be tied to particular individuals would make counterterrorism efforts more difficult
As US government surveillance watchdog group opens for business, questions linger (Ars Technica) Ars speaks with chairman of the Privacy and Civil Liberties Oversight Board
NSA revelations will not spawn Church, Pike-type congressional investigations (The Hill) The growing furor on Capitol Hill over the National Security Agency's domestic intelligence operations will not trigger the kind of widespread congressional investigations that decimated the intelligence community in the late 1970s
How Emperor Alexander Militarized American Cyberspace (Foreign Policy) And why the White House needs to split up the "deep state" of the NSA and Cyber Command
The Surveillance State Puts U.S. Elections at Risk of Manipulation (The Atlantic) Imagine what Edward Snowden could have accomplished if he had a different agenda
Obama's Likely Pick for NSA Chief Is a Master Spy. It May Not Be Enough. (Foreign Policy) Vice Admiral Michael S. Rogers, the odds-on favorite to be nominated by President Obama as the next director of the National Security Agency, has all of the intelligence and military credentials for the position. "A walking resume for this job," said retired Admiral James Stavridis, who recently served as NATO's Supreme Allied Commander in Europe and has known Rogers for more than a decade
Danish authorities hold cyber-attack simulation exercise (Telecompaper) The Danish Digitisation Agency said national authorities will be holding a training exercise on 06 and 07 November on how to deal with cyber-attacks
Litigation, Investigation, and Law Enforcement
As Ross Ulbricht Appears In New York Court, His Lawyer Says He's Not The FBI's Dread Pirate Roberts (Forbes) The thin, tousled-hair 29-year-old who stood before a judge in a downtown Manhattan courtroom Wednesday didn't look like an Internet drug kingpin. And the lawyer defending him says he intends to show that he's not
Make him a wiki he can't refuse: MafiaLeaks takes on the Godfathers (The Register) Informers urged to tattle on your capo di tutti capi
Apple publishes new transparency report. Is there a 'warrant canary' nesting inside? (Naked Security) The term refers to telling customers what you're not allowed to tell customers: namely, that you've been served with a subpoena for data, with attendant gag order, sometime during a given time span. This passive method of informing-by-omission is done by an ISP telling customers when the subpoena
Singapore vows to hunt down Anonymous hackers (Rappler) Singapore will "spare no effort" to hunt down hackers from activist group Anonymous who last week threatened to wage a cyber war against the government, Prime Minister Lee Hsien Loong said Wednesday
Queensland police forced to fend off regular cyber assaults (Australian Broadcasting Corporation) The Queensland Police Service is stepping up its computer security after coming under sustained cyber attack in the past 12 months
For a complete running list of events, please visit the Event Tracker.
Operationalize Threat Intelligence (Webinar, Dec 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data into knowledge so we can act. Attendees will learn concepts and best practices that enable organizations to reduce, prioritize and operationalize threat intelligence.
KMWorld 2013 (location and date not given in the listing) KMWorld 2013 is a must-attend event for those concerned with improving their organizations' bottom line, business processes, and productivity, as well as streamlining operations, and accelerating development and innovation in their evolving enterprises. It offers a wide-ranging program especially focused to meet the needs of executives, and strategic business and technology decision-makers. Attendees learn how to maximize their technology investments through practical information and case studies; build relationships with speakers and thought leaders from around the world; and create flexible, competitive enterprises.
CyberInnovation Briefing (Baltimore, Maryland, USA, Nov 7, 2013) As cyber attacks plague critical infrastructure, financial institutions, and the federal government, liability and privacy remain growing concerns. With losses mounting and sensitive information being leaked, several questions remain unanswered: who's liable, who's responsible, and what are enterprises doing to protect their customers? In this panel, experts in cyber security liability, privacy, and insurance will define cyber security and privacy liability, explore the basic coverage offered under cyber security and privacy insurance policies, the types of claims being paid out, the costs for coverage, the process for notification and handling of claims, breach litigation (minimizing the risk of a lawsuit and finding settlement opportunities), and forensics, crisis management and parties involved when a breach occurs.
Maryland Art Place Annual Fall Benefit (Baltimore, Maryland, USA, Nov 9, 2013) Maryland Art Place (MAP) is pleased to announce the participating artists of its 2013 Annual Fall Benefit, the Starlight Dinner - highlighting technology and innovation in contemporary art. The dinner will be held on Saturday, November 9, 2013 at 6 o'clock in the evening at the beautiful Thames Street Wharf building, located at Harbor Point courtesy of Beatty Development. A great deal of technology of interest to the cyber community will be on display.
cybergamut Technical Tuesday: Location Based, Context Aware Services for Mobile — Today and Tomorrow by Guy Levy-Yurista, Ph.D. (available at various nodes, Nov 12, 2013) As we continue to grow our dependence on mobile devices in our daily routine, from taking pictures to delivering corporate documents, the contexts in which these devices are acting become increasingly important. Mobility today takes into account not only who the user is but where they are, when they are there, why they go there, what they're interested in, and what they're going to do. As our smart phones evolve, they are growing into a contextual engine that will be not just our personal assistant, but also our best friend providing us with all our information needs at the right time and in the right place.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not limited to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics), curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit (location and date not given in the listing) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.