The CyberWire Daily Briefing for 11.12.2013
Cyber-rioting flares up across South Asia and Oceania. An incipient clash between patriotic hacktivists of Australia and Indonesia bears watching: Anonymous Indonesia gets in the first punch with an alleged hack of the Australian Secret Intelligence Service's public website. The Syrian Electronic Army hits a site that posted a list of alleged SEA members.
Der Spiegel reports that Britain's GCHQ used LinkedIn and other social media to engineer an intrusion into Belgacom. The operation allegedly extended to other Global Roaming Exchange (GRX) providers.
The European Union mulls what the recent compromise of Finland's diplomatic traffic might mean for the EU (either Russia or China is suspected).
A new Internet Explorer zero-day, this one a memory-resident exploit distributed by watering hole, is found in the wild. (The "Deputy Dog Gang" is implicated.) Microsoft is expected to patch this vulnerability sometime today.
Google Drive is being used for malicious redirects. Smartphone cameras and microphones can be exploited to reveal PINs.
FireEye sees a common hand behind several apparently unrelated APT campaigns (and that hand writes a lot of dialogues and menu options in Chinese).
Eugene Kaspersky makes flesh creep in Melbourne with lurid Stuxnet yarns.
A study finding how much malware goes undisclosed (often because of executive shame) highlights the value of anonymous reporting.
Corporate data collection receives hostile scrutiny. Deutsche Telekom announces the coming launch of secure business email services.
Three cyber exercises get coverage this week: a NATO cyberwar game, Britain's financial sector test, and the North American power grid's cyber exercise.
Notes.
Today's issue includes events affecting Australia, Belgium, Brazil, Cambodia, Canada, China, Estonia, European Union, Finland, Germany, India, Indonesia, Italy, Japan, Pakistan, Palestinian Territories, Philippines, Russia, Singapore, Syria, Thailand, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
BLOG: Anonymous targeting Asian government sites (ComputerWorld) Guy Fawkes Day was November 5th, and a variety of loosely affiliated movements from Occupy to Anonymous joined to commemorate the day with a Million Mask March. However, it seems that Anonymous or at least Anonymous affiliated hackers in Asia decided to get an early start on the festivities with a variety of attacks against government websites in Australia, Singapore, and the Philippines
Singapore police cuff alleged Anonymous hacker (Naked Security) South East Asia has had its fair share of Anonymous excitement lately
ASIS website attacked by Indonesian hackers (Sydney Morning Herald) Indonesian hackers have crashed the website of Australian intelligence agency ASIS, according to hackers and cyber experts, dramatically stepping up the revenge attacks in response to the spying affair
Anonymous Indonesia set to attack Australia again, gets warned by Australian Anonymous (Tech in Asia) Indonesian hackers have brought down the Australian Secret Intelligence Service's (ASIS) website. The hackers originally targeted the Australian Security Intelligence Organisation (ASIO), but changed their target to ASIS instead
Anti–nuclear citizens groups targeted in massive cyber–attack (Asahi Shimbun) Anti-nuclear citizens groups around Japan were left reeling from a blizzard of e-mail traffic--more than 2.53 million messages--that had all the hallmarks of a coordinated cyber-attack
Syrian Electronic Army Hacks Vice Magazine Website, Deletes Article About Members' Identities (HackRead) The pro-Syrian President hackers from the Syrian Electronic Army have hacked the official website of Vice Magazine (vice.com) for publishing an article revealing the identities of alleged members of the Syrian Electronic Army
Palestinian Broadcasting Corporation Website Hacked, Left with Bible Verses (HackRead) The official website of the Palestinian Broadcasting Corporation (PBC) has been hacked and defaced by a hacker going with the handle of gOx. The website of PBC was hacked on 1st November, left with a deface page along with a Bible verse. The deface message was expressed in the following words: John 3:16
Official Website of Maharashtra Police Academy, India Defaced by Pak Cyber Pyrates (HackRead) A Pakistani hacker going with the handle of Gujjar (PCP) from Pak Cyber Pyrates has hacked and defaced the official website of the Maharashtra Police Academy, India
BMPoC Hacking Group Hacks and Defaces 21 Brazilian Military Domains (HackRead) The hackers behind the NASA hack, from the BMPoC hacking group, have now hacked and defaced a total of 21 sub-domains of the Brazilian military. The domains were hacked by the Baader Meinhof hacker from the BMPoC hacking group, who left a deface page along with a message on all hacked military domains
Nationalists threaten violence if ICJ verdict goes in favour of Cambodia (The Nation) War, cyber-attack and the refusal to abide by international justice - these are just some of the actions threatened by Thai nationalists if the International Court of Justice (ICJ) rules in favour of Cambodia tomorrow over the Preah Vihear temple territory dispute
GCHQ hacks GRX providers to mount MitM attacks on smartphone users (Help Net Security) A new report by German Der Spiegel has revealed that the Government Communications Headquarters (GCHQ), the UK equivalent of the US NSA, has compromised a number of Global Roaming Exchange (GRX) providers
GCHQ Used Fake LinkedIn Pages to Target Engineers (Spiegel OnLine) Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools
How GCHQ hacked Belgacom (InfoSecurity Magazine) In September Der Spiegel published details from Snowden leaks indicating that GCHQ had been behind the hacking of Belgian telecommunications company Belgacom, in an operation codenamed Op Socialist. On Friday it published further details indicating how the breach had been effected
Finland admits it's suffered a massive cyber-attack. Is the same thing happening across Europe? (The Telegraph) Finland's diplomatic communications system has been the target of a massively serious and prolonged cyber-attack, according to a report by Keir Giles, Chatham House's leading expert on cyber-security in Eastern Europe. And, as Giles made clear on the Chatham House website on Friday, Finland is not alone
Cyber Attack on Finland is a Warning for the EU (Chatham House) A highly sophisticated multi-year cyber attack targeting Finland's diplomatic communications is likely to have been replicated against other EU and Western countries
Researchers reveal IE zero–days after hackers set 'watering hole' traps (NetworkWorld) Memory-resident malware targeted visitors to security policy website
IE zero–day attack delivers malware into memory then poofs on reboot (NetworkWorld) A new IE zero-day exploit spotted in the wild is hosted on a hacked U.S. website that is being used for drive-by download attacks that deliver malware into memory and then disappear upon reboot
DeputyDog Gang Exploits a New IE Zero-Day Vulnerability with an AVT (InfoSecurity Magazine) Security researchers reported Friday that a zero-day Internet Explorer vulnerability was being exploited as a drive-by attack from a breached website based in the US. By Sunday the researchers had analyzed the payload and tied it to the Operation DeputyDog gang
Online gamers targeted in malware attack, exploiting old Microsoft vulnerability (Graham Cluley) Security researchers at ZScaler have uncovered a malware attack, seemingly targeted against the computers of Chinese game players
A nefarious use of Google Drive to load malicious redirects (Malwarebytes Unpacked) A lesser known aspect of the popular cloud storage Google Drive is its built-in site publishing feature that allows you to upload an entire directory containing static web files (HTML, JavaScript, CSS, etc.) and to publish your own website
ColdFusion Hacks Point To Unpatched Systems (InformationWeek) Several highly publicized hacks have been traced to unpatched ColdFusion vulnerabilities, collectively leading to one million records being stolen
Data Center Servers Exposed (Dark Reading) Popular server firmware contains multiple zero-day vulnerabilities, but fixes are fraught with trade-offs
Security Researchers Find Links between Unrelated Advanced Persistent Threat Campaigns (The WHIR) FireEye released a new report on Monday that looks at the links between advanced persistent threat campaigns, suggesting that seemingly unrelated cyberattacks may be part of a broader offensive
Smartphone PIN revealed by camera and microphone (BBC) The PIN for a smartphone can be revealed by its camera and microphone, researchers have warned
Popular French torrent portal tricks users into installing the BubbleDock/Downware/DownloadWare PUA (Potentially Unwanted Application) (Webroot Threat Blog) A typical campaign attempting to trick users into installing Potentially Unwanted Software (PUA) would usually consist of a single social engineering vector, which in the majority of cases would be something along the lines of a catchy "Play Now/Missing Video Plugin" type of advertisement. Not the one we'll discuss in this blog post. Relying on deceptive "visual social engineering" practices, a popular French torrent portal is knowingly — the actual directory structure explicitly says /fakeplayer — enticing users into installing the BubbleDock/Downware/DownloadWare PUA. What kind of social engineering tactics are the portal relying on
Tech Insight: Viral Arms Race Brings New, Better Evasion (Dark Reading) New malware advances focus on evading security researchers and automated analysis sandboxes
Interview: Hacker OPSEC with The Grugq (Blogs of War) The Grugq is a world-renowned information security researcher with 15 years of industry experience. Grugq started his career at a Fortune 100 company, before transitioning to @stake, where he was forced to resign for publishing a Phrack article on anti-forensics…The Grugq's research has always been heavily biased towards counterintelligence aspects of information security…Currently an independent researcher, the grugq is actively engaged in exploring the intersection of traditional tradecraft and the hacker skillset, learning the techniques that covert organisations use to operate clandestinely and applying them to the Internet
Russian Cosmonauts Occasionally Infect the ISS with Malware (Atlantic Wire via Yahoo!) Russian security expert Eugene Kaspersky says the International Space Station was infected by malware installed through a USB stick carried on board by a Russian cosmonaut
Stuxnet infected Russian nuclear plant (SC Magazine) Stuxnet had 'badly infected' the internal network of a Russian nuclear plant after the sophisticated malware caused chaos in Iran's uranium facilities in Natanz
IT merger "putting North Sea oil platforms at risk from cyber terror" (Deadline) North Sea oil platforms could be shut down by cyber terrorists because cost-cutting measures have left them vulnerable, experts have warned
Cryptolocker surge directly tied with Blackhole downfall (Help Net Security) The recent emergence of Cryptolocker as one of the most widespread, visible and deadly threats is directly tied to the arrest of "Paunch", the creator of the infamous Blackhole and Cool exploit kits
A Peek Inside a Customer-ized API-enabled DIY Online Lab for Generating Multi-OS Mobile Malware (Dancho Danchev) The exponential growth of mobile malware over the last couple of years, can be attributed to a variety of 'growth factors', the majority of which continue playing an inseparable role in the overall success and growth of the cybercrime ecosystem in general
Android Malware Continues March Toward Commoditization: F–Secure (SecurityWeek) F-Secure Labs announced that it discovered 259 new mobile threat families and variants of existing families in the third quarter of 2013, according to the new Mobile Threat Report for July-September 2013. Two hundred fifty two of these were Android threats and the remaining seven were Symbian. The number is an increase from the 205 threat families and variants found in the second quarter
Rapid7 Outlines SAP Attack Vectors for Pen Testers (SecurityWeek) Just recently, reports of a banking Trojan modified to look for SAP GUI (graphical user interface) installations reignited discussion about vulnerabilities impacting SAP ERP (enterprise resource planning) systems
Data Breach Roundup: October 2013 (eSecurity Planet) Data loss related to theft and loss is on the rise, says security expert Ryan Kalember, thanks to the huge popularity of smartphones and tablets
Has the cyber war begun? (The Star) Anonymous hackers have declared war on Singapore with a pledge to hit at official infrastructure. This has left Singaporeans with a sense of foreboding about what is to come
Scam emails pleading for donations for Philippines doing rounds (Help Net Security) In a move that should surprise no-one, cyber scammers have started taking advantage of the disastrous situation in the Philippines in the wake of Typhoon Haiyan
Marston's Brewery Hacked, Customer Details Stolen (Softpedia) Marston's, the famous UK-based brewery, has suffered a data breach. Hackers have gained access to one of the company's databases
Bitcoin wallet service hacked, 4,100 Bitcoins stolen (Help Net Security) A daring hack and heist targeting online Bitcoin wallet service Inputs.io has resulted in the theft of 4,100 Bitcoins (currently over $1.3 million) and has left some of the users extremely disgruntled
Selfish Miners Could Exploit P2P Nature of Bitcoin Network (Threatpost) While researchers and academics are just at the beginning of the process of trying to judge the value of a recent paper on a vulnerability in the Bitcoin protocol, some are arguing that there is a smaller point that's being missed in all of the back and forth: There is a problem with the peer-to-peer
Vindictive cyber attack hits Colne councillor (Pendle Today) A Colne councillor has this week become victim to a vindictive hacking attack
Security Patches, Mitigations, and Software Updates
MS13–090 will address Zero–Day delivering diskless malware (CSO) On Monday, Microsoft promised a patch for the Zero-Day flaw in Internet Explorer disclosed by researchers at FireEye last Friday, which is being used to deliver diskless malware. As it turns out, FireEye disclosed a rare vulnerability in Internet Explorer. Rare as in Microsoft already knew about it, and was planning to patch it
Two Internet Explorer flaws will remain unfixed after Patch Tuesday (CSO) Even after Patch Tuesday has come and gone, administrators will need to keep an eye on two Zero–Day vulnerabilities impacting Internet Explorer
OpenSSH fixes potential remote code execution hole (Naked Security) Potential remote code execution bugs in OpenSSH, probably the most widely-used remote access security system on the internet, are the stuff of nightmares for system administrators. Paul Ducklin takes a look at the bug and the patch
Cyber Trends
Malware analysts regularly investigate undisclosed data breaches (Help Net Security) ThreatTrack Security published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company
From phishing to adult content, many CEOs benefit from analyst cover–ups (FierceCIO) Call it one of IT's dirty little secrets. One of the biggest threats to security in most organizations is the behavior of senior executives, a new study by ThreatTrack Security reveals. The sins include installing malicious applications, allowing family members to use corporate devices and surfing for adult content. And in a majority of cases, the incidents go unreported
Why cybercriminals want your personal data (Help Net Security) Over the past few years, the personal data theft landscape has changed as online behaviors and activities evolve. Online shopping is more popular than ever, businesses are storing sensitive information in the cloud and 16 minutes out of every hour spent online is spent on a social network
1 in 5 employees succumb to phishing emails, says new study (FierceCIO:TechWatch) According to a recent study by security training firm ThreatSim, an average of 18 percent of messages in a phishing campaign succeed in tricking recipients into clicking on a malicious link. One extremely successful campaign, according to ThreatSim, induced a staggering 72 percent of users to click on a link
For the sake of privacy it's time to ditch the expression "Mass Surveillance" (Privacy Surgeon) For more than forty years privacy scholars have made a core distinction between targeted surveillance (directed at individuals and small groups) and mass surveillance (directed against large populations). Experts agreed that the world was moving toward an era of mass surveillance in which there was a reversal of the onus of proof, turning entire nations into suspects
Cyber threats organisations will deal with in 2014 (Help Net Security) The threat landscape is constantly evolving, and it's an enterprise's job and duty to keep up with the changes and do the best it can to protect its data, employees and networks
Who is to blame for hacker-phobia? (Naked Security) With phone hacking and NSA leaks making the front pages, cyber security is getting more attention from the mass media than ever before. But is the public becoming more informed — or misinformed
Australian organizations facing acute threat of cyber attacks (WhaTech) Australian organizations are facing increasingly demanding challenges, with the risk of cyber attack rising by 250% since 2010, warned BSI today
Cybersecurity Threats Are Rising — EY (Forbes) Cyber security has moved from operations to a concern of the C-suite and the board, EY (formerly known as Ernst & Young before getting carried away with hip rebranding), the consultancy, has found in its work across industries
Could hackers hit airline industry? (TH Online) Experts suggest that many networks might be vulnerable to cyberattacks
Banking malware infections rise to highest level since 2002 (NetworkWorld) Infections became more distributed throughout the world, according to Trend Micro
Marketplace
Another NSA strike against USA tech biz (ComputerWorld) In July, I wrote a blog post quoting a CSA (Cloud Security Alliance) survey which found that 10% of 207 officials at non-US companies have canceled contracts with US service providers following the revelation of the NSA spy program in June
Retailers go all TSA, NSA on shoppers to get more data (FierceBigData) It's no secret that retailers are using cameras to track how long customers look at specific merchandise and in-store displays and signage. It's also widely known that some retailers track shopper behavior in-store via shoppers' cell phones. Shoppers do not take kindly to such spying but they are doubly upset with the emerging practice of retailers studying their person and not just their shopping behaviors
Data brokers' collection of internet activity data raises privacy issues (CSO) Some find the data collected on them amusing or even boring, but privacy advocates say there is good cause to worry
Let's put a brake on the real snoopers (ComputerWorld) The outcry over the NSA/GCHQ Internet surveillance scandal can't hide the fact that huge corporations won't say what they know
Samsung, Nokia say they don't know how to track a powered–down phone (Ars Technica) Privacy International still awaits answers from Apple, BlackBerry, and others
Panda Security Answer to Bits of Freedom Open Letter (PandaLabs) Bits of Freedom is an international coalition of civil rights organizations and security experts which has recently published an open letter where they ask antivirus companies for transparency and ask four direct questions. To address their concern, which we believe is also shared by many citizens, we want to answer these questions here
Deutsche Telekom to launch secure internet service next year for SMBs (Telecom Lead) Telecom major Deutsche Telekom will launch a secure internet service next year for smaller companies
Huawei in Second Cyber–Security Report: We're No Government Mole (eWeek) Huawei, accused by U.S. lawmakers of spying for the Chinese government, asserts its transparency and security focus in a new white paper
Hexis Cyber Solutions Wins 2013 Golden Bridge Award (NASDAQ OMX) Company's HawkEye AP named Silver Award Winner for Innovation in Information Security and Risk Management
Trustwave acquires Application Security, Inc. (Help Net Security) Trustwave announced the acquisition of data security provider Application Security, Inc. The company's automated database security scanning technologies strengthen Trustwave's ability to help organizations protect data, reduce security risks and achieve compliance with mandates and regulations
After sale to Cisco, Sourcefire founder Roesch strives to keep things unchanged (Upstart) Sourcefire's $2.7 billion sale to Cisco Systems Inc. has been a big change for founder Martin Roesch and one he's getting through by staying true to Sourcefire's roots
Booz Allen Hamilton Announces Secondary Public Offering of Common Stock by Affiliate of The Carlyle Group (MarketWatch) Booz Allen Hamilton Holding Corporation ("Booz Allen"), the parent company of management consulting, technology, and engineering services firm Booz Allen Hamilton Inc., today announced the commencement of a secondary public offering of 10,000,000 shares of Class A common stock ("common stock") by an affiliate of The Carlyle Group
Symantec shares fall; top exec departing (MarketWatch) Shares of Symantec Corp. fell sharply Tuesday morning, a day after it announced that Francis deSouza, the firm's president of products and services, is leaving the security software systems company
With Blackberry's Future Uncertain, Pentagon Readies a Contingency Plan (Nextgov) The Defense Department, owner of 470,000 BlackBerrys, is distancing itself from the struggling vendor while moving ahead with construction of a departmentwide app store and a system for securing all mobile devices, including the latest iPhones, iPads, and Samsung smartphones and tablets
DBT–Data Repurchases Virginia Site From Harris (Data Center Knowledge) Data center developer DBT-DATA has repurchased a data center in Harrisonburg, Virginia that it sold to IT contractor Harris Corp. in 2010, and has apparently gotten a bargain in the process. The acquisition of the Cyber Integration Center provides DBT-DATA with an operational high-security data center that has been optimized for government IT outsourcing
Procera Courts More Policy Partners (Light Reading) The deep packet inspection (DPI) specialist Procera Networks added another partner to its growing roster Monday. It has teamed up with Avvasi to blend quality of experience (QoE) management with network analytics
Damballa Taps Channel For Advanced Threat Appliances With New Partner Program (CRN) Damballa is set to formally unveil Tuesday its partner program aimed at attracting resellers and service providers to sell and deploy its advanced threat detection platform
White Hats for Hire Find Software Bugs (eSecurity Planet) Companies that lack the resources to run their own bug bounty programs may want to consider a bug bounty as a service program
RSA Executive Ann Johnson to Join Qualys as President and Chief Operating Officer (Wall Street Journal) The company is also a founding member of the Cloud Security Alliance (CSA)
Products, Services, and Solutions
Android KitKat Blocks Rootkits, But At What Cost? (PC Magazine) Google has beefed up security in Android 4.4, KitKat to block malware from taking over user devices, but some of these changes may pose challenges for users who like to take control of their own security destiny
Tin Can app relays messages to phones without Internet, cell reception (Ars Technica) New app delivers messages via phones' Wi-Fi, uses nearby phones as relay points
Google to allow only Windows Chrome extensions from official Web Store (FierceCIO:TechWatch) Starting in January, users of the Chrome browser on Windows will no longer be able to load extensions from sources other than the official Chrome Web Store. The move was made in order to protect Windows users, wrote Erik Kay, the tech lead for Google Chrome extensions and apps in a blog entry yesterday
FireEye Launches Security Offering for Enterprise Data Centers (ExecutiveBiz) FireEye has rolled out a new security offering designed to protect the core components of an enterprise data center
First free antivirus in India for Android phones unveiled at Ground Zero Summit 2013 (InformationWeek) One year Fellowship Program in National Security from Delhi Technological University and National Security Database was also launched at the Ground Zero summit
App permissions exposed with Clueful Privacy Advisor (Android Authority) App permissions are very important in the world of Android. They tell you what your applications are doing and what they need from you in order to function. For instance, an SMS app needs permission to access your SMS messages in order to function. Clueful Privacy Advisor, an app by Bitdefender Antivirus, will help you learn about permissions and which apps use which permissions
Technologies, Techniques, and Standards
Blighty's banks prep for repeated kicks to cyber–'nads in Operation Waking Shark II (The Register) Stress test will check IT resilience — but not physical security
Waking Shark 2: experts sceptical about UK's bank stress test (TechWorld) Sector needs more than war-gaming
Group to test power grid preparedness (Foster's Daily Herald) Will you be ready if the world goes dark? Power companies throughout the United States and Canada will be put to the test this week by participating in a mock power emergency scenario
Battlefield Internet: NATO's geek brigade fights online foes (Fort Bragg Advocate News) It was a horrific scenario. The African island nation of Boolea was reeling from an attack by religiously inspired insurgents. Then a deadly cholera epidemic struck
CRM, ERP security best practices: How to secure aging software (Search Security) Enterprise resource planning (ERP) and customer relationship management (CRM) are two of the most important applications within an organization and critical to day-to-day functioning
IETF to improve the security of Internet protocols (Help Net Security) Internet security has been a focus this week for the more than 1100 engineers and technologists from around the world gathered at the 88th meeting of the Internet Engineering Task Force (IETF)
Cloud data security outside the vacuum: Find 'acceptable' levels of risk (Search Security) Even a suggestion of security problems is enough to scuttle a cloud project and discredit the whole cloud planning process — and the planners. To avoid this, enterprises must start with a relativistic view of security, focus on managing new risks and understand the notion of "acceptable" levels of risk
How to keep the NSA out of your company's data (Louisville Courier-Journal) Who's in the driver's seat on your cloud strategy? Bob from marketing? Lisa from sales? It sounds ludicrous, but it's an unfortunate reality
How big data can make the Internet safer (FierceBigData) The word "big" in front of the word "data" rarely conjures a strong mental image in the way "big" would before the words hair, boss or league. So it's understandable that most people can't fathom data so big that it is comparable to all the content on the Internet. It's even harder to wrap minds around the fact that one day in the not so distant future big data tools will be able to churn and analyze all of the content on the Internet--possibly without ever moving it from where it sits. And when that happens, the Internet itself should become a much safer place
IT Culture of Caution in Governments Crucial for Security (FutureGov) Cyber security attacks are evolving to get more sophisticated and targeted. Currently, 250,000 malware alerts are created a day and 30,000 websites are compromised a day, globally, according to Sophos Labs. Targeted cyber attacks looking to steal personal identity information (PII) are on the rise as criminals target employees as their gateway to the organisation
The 80–20 Rule of Cyber Security (FutureGov) 80 per cent of cyber attacks are opportunistic threats which can be tackled by cyber hygiene and best practices, according to Arnold Shimo, Chief Technologist, Innovation and Technology Centers at Lockheed Martin. The remaining 20 per cent, however, consists of Advanced Persistent Threats (APTs) - unknown, predetermined, intentional and well-equipped attacks that anti-viruses cannot mitigate
Don't forget forgotten passwords (SC Magazine) Highly publicized breaches of password systems are bringing attention to the need for better authentication. Many online sites, including Google, Facebook and Twitter, have responded by implementing some form of multifactor authentication (MFA), where in addition to a password, authentication requires an additional factor. The second factor can be anything from a hardware token to an email message to an SMS sent to a phone
Design and Innovation
CERN aims to give UK start–ups a boost through new innovation centre (TechWorld) The centre will accept up to 10 companies over next two years
Estonian Startup Plumbr Raises $1M To Make Memory Leaks A Thing Of The Past (TechCrunch) Chalk this up as another Estonian startup to watch. Founded in late 2011 off the back of a PhD research project, Plumbr has developed a memory optimising tool that it claims can predict and avoid software failures. It already boasts paying customers such as HBO, Dell, NATO, TeliaSonera, and Ericsson
Why the "Next Silicon Valley" Doesn't Really Exist (MIT Technology Review) Lots of people want to create another innovation hub like Silicon Valley. Here's why they'll all fail
Legislation, Policy, and Regulation
NSA leaks on Canadian surveillance coming, Greenwald says (CBC News) Reporter in Edward Snowden NSA leaks says there are many documents about Canada
U.S., Germany discuss intelligence cooperation after Merkel affair (Reuters) After disclosures that the U.S. National Security Agency tapped German Chancellor Angela Merkel's cellphone, Washington and Berlin are discussing new rules to govern dealings between their spy agencies, U.S. and European officials said
Spain: US ambassador says NSA acts legally in Spain, respects citizens' privacy, Spanish law (Washington Post) Spain says the U.S. ambassador has given his assurances that the U.S. National Security Agency's activities in the country are carried out in conjunction with Spain's intelligence agency and in accordance with Spanish law
Italy pledges to improve data privacy protection (Missoulian) The Italian government says it is taking steps to better protect the privacy of its citizens' data in the wake of revelations about the U.S. National Security Agency's surveillance work
European NSA is not a solution (Help Net Security) The European Parliament should use its powers to reconsider EU-US data transfer deals and push for the creation of a European privacy cloud, EU-level protection for whistleblowers and a strong judicial authorisation of surveillance activities, data protection and intelligence experts told MEPs at the eighth Civil Liberties Committee hearing on surveillance of EU citizens. Creating a European Intelligence Service is not a solution, they added
Intelligence rebuff poses political dilemma for White House (Financial Times) US intelligence officials are mounting a strong internal defence of some of their most controversial electronic surveillance programmes, creating a political dilemma for the White House as it tries to dampen the furore over the National Security Agency
GCHQ director Sir Iain Lobban claims secret surveillance methods are not 'sinister' (Computing) GCHQ director Sir Iain Lobban has insisted that the spy agency's secret methods are "not sinister", when he was questioned, alongside the heads of MI5 and MI6, by MPs in public for the first time
Is Edward Snowden a hero? (Globe and Mail) Earlier this week, Britain's spy chiefs testified before Parliament. American intelligence contractor turned leaker Edward Snowden, they told MPs, has undermined the security of the United States, the United Kingdom and their allies. Iain Lobban, head of the eavesdropping agency GCHQ, said that some of his organization's targets now engage in "near-daily discussion" of Mr. Snowden's revelations. "Our adversaries are rubbing their hands in glee," said John Sawers, who heads Britain's foreign spy agency MI6. "Al-Qaeda is lapping it up"
National Security Whistleblowers Could Win New Protections (Government Executive) One of the many government responses to this summer's leaks from fugitive National Security Agency contractor Edward Snowden could be a new set of tools to allow defense and intelligence agency whistleblowers to make controversial disclosures through official channels
Congress considers Senate confirmation for NSA chief (CBS News) The Senate Intelligence Committee last week advanced a plan to make the next National Security Agency chief subject to Senate confirmation, a move designed to increase transparency and accountability within the NSA in the wake of the Edward Snowden leaks
GOP lawmaker: Europe can help curb NSA (The Hill) Rep. James Sensenbrenner Jr. (R-Wis.) on Monday asked the European Parliament to work with the United States on finding a balance between liberty and security
A Fraying of the Public/Private Surveillance Partnership (The Atlantic) The secret eavesdropping ecosystem is breaking down, thanks to the Snowden documents
Kerry: Obama didn't order all NSA spying (KFOXTV) Secretary of State John Kerry says his counterparts in other nations know President Barack Obama didn't order up all the snooping that the National Security Agency conducted abroad
NSA spying legislation creates unexpected splits in Nevada delegation (Las Vegas Sun) Nevada's elected officials in Washington, D.C., have made some unusual alliances of late when it comes to national security and civil liberties
Greater urgency needed in fight against cybercrime (Irish Times) The Snowden revelations and unauthorised surveillance of European citizens' data have given fresh impetus to moves to better protect individuals and their information
I want NSA chief's head on a plate for Merkelgate, storms Senator McCain (The Register) And raging Republican reckons 'pigs will fly' if Snowden hasn't sold out to the Russians
John McCain Calls on NSA Director to Resign, Backs Down Immediately (The Atlantic) The Arizona senator's aborted demand for accountability in Washington was a farce
Snowden files — survey shows confusion over NSA's role (The Guardian) A survey in the US has shown many people have formed mistaken impressions about what the NSA does and does not do
Poll's lesson for NSA: Show that surveillance programs actually combat terrorism (Washington Post) Almost two-thirds of Americans with higher perceptions of terrorist threats said they would be willing to have the United States carry out assassinations of known terrorists "if it was necessary to combat terrorism," according to a poll last month
Feinstein NSA bill competes with Freedom Act (Digital Journal) Although Congress members have introduced almost 30 different bills to reform and restrict National Security Agency spying, there are two bills that have the most momentum
Other Views: Time to get serious over U.S. spying (Sheboygan Press) The Obama administration and some members of Congress appear to have been taken aback by the reaction of foreign leaders who apparently learned recently that the United States has been monitoring their private phone communications
Thompson Supports Bill to End Dragnet Collection of Americans' Phone Data, Add Meaningful Oversight of Surveillance Programs (Northern PA) U.S. Representative Glenn 'GT' Thompson today announced his support for H.R. 3361, the USA FREEDOM Act, a bill to restore Americans' privacy rights by ending the government's dragnet collection of phone records and requiring greater oversight, transparency, and accountability under National Security Agency (NSA) surveillance programs
US spooks playing into Russia and China's hands (Dawn) No wonder Vladimir Putin and Xi Jinping are smiling: they are closer than they have ever been to mastering who is saying and doing what online. They and other authoritarian leaders are watching with glee as US intelligence agencies destroy what is left of the original utopian vision of a cyberspace free of government control
Report: Start with the basics to mend U.S.-China cyber issues (FierceGovIT) The United States and China need to achieve some basic level of trust before they can realistically resolve any of their cyber-related issues, a report from the EastWest Institute and the Internet Society of China says
Malcolm Turnbull denies he's victim of 'slap down' over Huawei cyber security (The Australian) Communications Minister Malcolm Turnbull says he accepts the advice of cyber security experts, after the renewal of an official ban on Chinese firm Huawei working on the NBN
House Committee Concerned Over Obamacare Cyber Security Deficiencies? (Albany Tribune) The House of Representatives' GOP-led Homeland Security Committee will hold a hearing on Wednesday, Nov. 13, 2013, in order to thoroughly examine the cyber security deficiencies of President Barack Obama's healthcare web site, the committee's chairman, Michael McCaul, R-Texas, announced on Friday
Have Heads Begun to Roll Over Obamacare Imbroglio? (IEEE Spectrum) Wednesday morning, as U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius testified about the ongoing problems with healthcare.gov at a Senate Finance Committee hearing, the first head rolled as a result of the Obamacare website debacle
FTC wading into 'Internet of things' (Politico) As an array of everyday objects such as thermostats, toasters and even sneakers gets connected to the Internet, the FTC is taking a first stab at examining this vast and emerging area of technology, sparking concern from trade groups that fear regulation could harm innovation
Litigation, Investigation, and Law Enforcement
Social media regulations and compliance: What enterprises should know (Search Security) In a fairly short period of time, social media has become an essential element of business success. Today, organizations commonly build strong presences on Facebook, Twitter, LinkedIn and elsewhere
Data Spying & Data Complying (Big Data Republic) The changing landscape and widening of legal powers require a different approach to risk and compliance for global businesses, to ensure that they are complying with their obligations both locally and internationally. This article examines the issues and practical implications of achieving compliance with privacy laws where the lines between borders are becoming increasingly blurred
Scotland Yard cyber crime unit to dramatically expand (The Telegraph) The Metropolitan Police is planning a major expansion of its E-crime unit as the threat of a cyber attack continues to grow
San Diego quietly slips facial recognition into the hands of law enforcers (Naked Security) Police and other authorities are using smartphones and tablets to snap photos in the field, without warrants or asking for subjects' permission to run their images against criminal databases. The program was rolled out without public hearings or notice
NYPD detective pleads guilty to hacking fellow police officers' email and phone (Naked Security) Edwin Vargas was charged with using PayPal to hire someone to hack login details for at least 43 personal email accounts, including those of 20 current or former NYPD officers
Google in trouble for StreetView all over again, this time in Brazil (Naked Security) Every time we've written about the Google Wi-Spy saga, we've said, "Betcha this won't be the last of it." Still isn't… Brazil is the latest country to put the hard word on Google
Two admirals under investigation, linked to alleged bribery scheme (Navy Times) Two flag officers have been added to the growing list of Navy officials allegedly connected to a large-scale bribery scheme in Asia
Spying exposé endangered national security: UK (PressTV) The United Kingdom says the disclosure of the country's spying activities has endangered national security
Don't expect data on P2P networks to be private, judge rules (InfoWorld) Defendants claimed that searching for files on their computers violated Fourth Amendment rights
Upcoming Events
Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, Dec 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congress will focus on emerging areas of growth and concern in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.
Teaching Computer Forensics (Sunderland, England, UK, Nov 14, 2013) The workshop is an opportunity for academics and students in the computer forensics subject area to address the current issues and challenges in a number of themes including (but not exclusive to) student experience, student retention, computer forensics research (and the REF), new technologies (hardware and software), new computer forensics themes (cloud forensics, geo-positional forensics) curriculum changes, legal developments, ethical issues, accreditation and employability.
Cyber Education Symposium (Arlington, Virginia, USA, Nov 19 - 20, 2013) Both the public and the private sectors suffer from a lack of highly trained and effective cyber security leaders. In response, the government, businesses, and academic institutions are all exploring ways to retrain the existing workforce and develop a new pool of cybersecurity professionals capable of meeting the needs of tomorrow. The Cyber Education Symposium offers a rare opportunity for the brightest minds in government (.gov), the private sector (.com), and the educational community (.edu) to convene and discuss trends and challenges in cybersecurity education. The Symposium will provide a forum to identify new ways of thinking about the problem, exchange best practices, and forge a pathway forward that leverages the full resources of our nation's leadership.
APPSEC USA (New York, New York, USA, Nov 18 - 21, 2013) Welcome to Appsec USA 2013, New York - a world class software security conference for developers, auditors, risk managers, and entrepreneurs, bringing you the world's top speakers, the most relevant security topics and an unbeatable atmosphere. Hosted by OWASP.
IT Forum Expo/Black Hat Regional Summit (location and date not listed) Black Hat Regional Summit will introduce a mix of local in-region experts and researchers from around the globe, discussing the latest trends in information security with an audience of peers. The sessions will provide candid insight and education for IT security professionals.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met. Attend the East Africa Cyber Security and IT Security Convention 2013, which will equip you with a comprehensive range of clarifications and solutions.