Cyber Attacks, Threats, and Vulnerabilities
Kremlin alleged to wage cyber warfare on Kiev (Financial Times) Russia's physical invasion of Crimea may have begun in late February, in the days after the removal of Ukraine's president Viktor Yanukovich, but the infiltration of Kiev's computer systems began years before
Why Anonymous threats should not be ignored (Help Net Security) International hacktivist group Anonymous is causing fear within the business and technology community once again, after a supposed Anonymous spokesperson warned that World Cup sponsors are next on the hit list
UAE is hit hard by GameOver Zeus virus (Khaleej Times) The malware, which the FBI terms "extremely sophisticated", can steal banking and other passwords from the computers it infects and mostly spreads through spam e-mail or phishing messages
CryptoLocker wannabe "Simplelocker" scrambles your files, holds your Android to ransom (Naked Security) Only this week, we published an article about 10 Years of Mobile Malware
Vodafone reveals existence of secret wires that allow state surveillance (The Guardian) Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a 'nightmare scenario'
Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered (Wired) On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper
Linksys E4200 Vulnerability Enables Authentication Bypass (Threatpost) Linksys router contains an authentication bypass vulnerability that could give an attacker full administrative privileges on affected devices
Hacking Apple ID? (TrendLabs Security Intelligence Blog) The many announcements at Apple's 2014 Worldwide Developers Conference (WWDC) this week were welcome news to the throngs of Apple developers and enthusiasts. They were also welcome news for another group of people with less than clean motives: cybercriminals
OS X Yosemite and iOS 8's enticements could also entrap (InfoWorld) Apple's seamless cross-device experience will appeal to business users, but security experts warn integration poses new risks
Brokers' slip-ups add to Wall Street's cyber-attack anxiety (Reuters) The most cutting-edge technology cannot contain one of the biggest cyber hacking threats on Wall Street: sloppy actions by brokers and other industry employees
Employee Error Exposes Hurley Medical Center Data (eSecurity Planet) An undisclosed number of employees' and retirees' names and Social Security numbers were mistakenly exposed
Security Patches, Mitigations, and Software Updates
Microsoft to release seven security updates next week (ZDNet) Two of the seven are for at least one critical vulnerability. One of these affects an unusually broad collection of products
Microsoft Expected to Patch IE 8 Zero Day on Patch Tuesday (Threatpost) Prompted by the disclosure of a zero-day vulnerability in Internet Explorer 8 more than six months after it was reported, Microsoft next Tuesday will finally issue a patch
Cyber Trends
High-profile hacking raises cyber security fears (Financial Times) The dark world of cyber crime is slowly being prised open, as threats rise to levels where companies and individuals are forced to treat the matter as of critical importance
Windows XP: Why is the enterprise so reluctant to let it go? (ITPro) The risks to businesses from older OS and software installations are well known, but businesses still aren't budging
US state and local government bodies lack cyber defences (Financial Times) Cyber criminals on the hunt for poorly protected confidential data are circumventing the US federal government and targeting state and regional authorities on the basis that they have fewer resources to defend themselves
How much confidence do financial organizations place in security controls? (Help Net Security) The confidence financial organizations place in their security controls is only marginally better than the confidence retailers place in their controls, according to Tripwire
Internet of Things market to exceed $7 trillion by 2020 (Help Net Security) While the interest and buzz around the Internet of Things (IoT) has grown steadily in recent years, the seemingly endless market promise continues to become reality
Cybersecurity: how aware are companies? An analysis of the CAC40's annual reports (solucomINSIGHT) Cybersecurity is at the heart of current events and of regulatory change. It is a major issue for companies, which must put measures in place to protect themselves. How are the largest French companies taking up the subject, and how is that reflected in their annual reports?
Energy makes prime target in cyber threat against infrastructure (Financial Times) In May, the US Department of Homeland Security revealed that the industrial control system of a public utility had been hacked by a "sophisticated threat actor"
It's The Security, Stupid! (TechCrunch) It's 2014. Do you know where your security is? On Tuesday, Google published a full account of the current state of encryption in email, revealing that some leading providers like Comcast and France's Orange encrypted nearly none of the email that approached its servers. The news this week seemed to confirm many of our worst fears about the state of security on the Internet (as it does most weeks)
Marketplace
U.S. technology companies beef up security to thwart mass spying (Reuters) A year after Edward Snowden exposed the National Security Agency's mass surveillance programs, the major U.S. technology companies suffering from the fallout are uniting to shore up their defenses against government intrusion
Advanced Threats Strengthen Demand for Next-Generation Firewall and Unified Threat Management Solutions, Finds Frost & Sullivan (FierceITSecurity) The dynamic nature of security threats and network traffic has challenged the efficacy of legacy firewall systems, paving the way for next generation firewalls (NGFW) and unified threat management (UTM) solutions. Faced with new technologies, business requirements and security threats, businesses of all sizes across various industries are welcoming the sophisticated network controls offered by NGFWs and UTM
Demand for unified threat management appliances on the rise, says IDC (FierceITSecurity) Demand for unified threat management, which integrates multiple security technologies into a single network appliance, is on the rise, according to IDC Research
If attorney needed to explain cyber coverage, the policy is not clear (Advisen Cyber Risk Network) Advisen: What do you see as the greatest cyber risks today? Scott Godes: The theft of credit card and financial-related information from retailers, credit card processors, and others. These are crimes, and ultimately, everyone pays a price because the crimes have happened, no matter what entity bears the liability
Lockheed Martin Celebrates 10 Years Advancing Cybersecurity Through Intelligence Driven Defense® (MarketWatch) Lockheed Martin commemorated the tenth anniversary of the formal creation of its enterprise cyber defense organization, the Lockheed Martin Computer Incident Response Team (LM-CIRT), by discussing the growing cyber threats facing corporate and government networks and looking forward to delivering another decade of cyber security services
Products, Services, and Solutions
Product review: Check Point Software UTM Threat Prevention Appliances (TechTarget) The Check Point Software Next Generation Threat Prevention Appliances are the latest in a long line of security products from the vendor whose brand is synonymous with firewalls. Check Point has one of the best unified threat management approaches, providing solid products — both for the high and low ends of the market — with the essential features enterprises look for
Bitdefender helps Community Emergency Response Team fight cybercrimes (Tweaktown) Software security company Bitdefender plans to help CERT and police authorities in their growing battle against organized cyberattacks
Trend Micro in pact with Broadcom (Voice and Data) Security software provider Trend Micro has partnered with Broadcom Corporation for developing an integrated security solution that will protect home security networks from cyber threats
KnowBe4 Says "We'll Pay Your Crypto-Ransom If You Get Hit" (Insurance News Net) In a bold move, IT security firm KnowBe4 announced it will pay a company's ransom in Bitcoin if the company is hit with ransomware because of an employee's human error. Security experts agree it will only be a matter of weeks before CryptoLocker or a variant is back in business, as the criminals who created it are still on the loose. When it does come back, KnowBe4 is confident it can help organizations protect their employees and networks through its Kevin Mitnick Security Awareness Training
Varonis DatAnywhere Raises the Stakes in Private Cloud File Sharing With New Safeguards, Enhancements, Free Downloads (MarketWatch) Varonis Systems, Inc., the leading provider of software solutions for unstructured, human-generated enterprise data, today announced general availability (GA) for DatAnywhere 1.8, once again raising the functionality and security bar in the rapidly growing cloud-style file sharing and collaboration market
Technologies, Techniques, and Standards
Cyber Essentials scheme launched (Business-Cloud) Companies are overwhelmed by advice from vendors around how to protect against Internet based threats. Now the UK Government has issued its own advice
Set up email encryption in half an hour (Help Net Security) As part of the global Reset the Net action, the Free Software Foundation, a non-profit organization that promotes computer user freedom and aims to defend the rights of all free software users, has released Email Self-Defense, a step-by-step guide that can teach even low-tech users how to use email encryption
What Are Cryptocurrencies? (Cointelegraph) Cryptocurrencies are a form of digital money that rely on distributed networks and shared transaction ledgers to combine the core ideas of cryptography with a monetary system to create a secure, anonymous, traceable and potentially stable virtual currency
Phish or legit — Can you tell the difference? (Naked Security) I recently received two emails, sent to two different addresses and both from different senders
Identify stolen credentials to improve security intelligence (Help Net Security) Data is the heart of an organization, and IT security teams are its protectors. Businesses spend billions of dollars per year setting up fortresses to safeguard data from anyone who dares try to take it. The latest forecast from analyst firm Canalys has IT security spending increasing to $30.1 billion by 2017. Despite this investment, data breaches are on the rise
If HTML5 Is The Future, What Happens To Access Control? (Dark Reading) The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need
Research and Development
KEYW Partners With the University of Central Florida to Provide Big Data Visualization Framework (MarketWatch) The KEYW Holding Corporation announced today that its subsidiary, The KEYW Corporation, entered into a formal partnership with the University of Central Florida (UCF) formalizing teaming efforts focused on research and development in the critical cybersecurity domain. The newly signed agreement provides KEYW and UCF with a framework to work and collaborate on task orders related to big data visualization efforts
New Mechanisms Enable Users to Log in Securely Without Passwords (Tasnim) Passwords are a common security measure to protect personal information, but they do not always prevent hackers from finding a way into devices
US Secret Service wants software to "detect sarcasm" on social media (Ars Technica) Skeptics are not aware of a satisfactory algorithm to detect online sarcasm
Academia
A safe bet for turning a college degree into a job (CNBC) When word first got out that Case Western Reserve University in Cleveland, Ohio, was planning to build two degree programs specializing in big data analytics, vice provost of undergraduate education Donald Feke's in-box filled up with inquiries from students clamoring to get in—long before the programs were ready
Regis University to Open Region's First Dedicated College of Computer & Information Sciences (Digital Journal) College will offer 12 degrees in computer, information sciences, and health care fields
Legislation, Policy, and Regulation
On Anniversary of Snowden Revelations, Senators Look at NSA Bill (Re/Code) Senate lawmakers expressed doubt about legislation to overhaul the National Security Agency's bulk-data collection program Thursday as the U.S. marked the first anniversary of surveillance revelations from whistleblower Edward Snowden
White House looking to Capitol Hill on cyber (FCW) White House adviser Ari Schwartz goes about the business of explaining the Obama administration's cybersecurity goals methodically. At multiple recent conferences for cybersecurity professionals in the Washington, D.C., area, Schwartz has offered updates on threats as varied as Heartbleed and the Chinese hackers indicted by the Justice Department
One Year Later: Snowden Disclosures' Effect on Secret Laws (Roll Call) One year ago, on June 5, 2013, Edward Snowden revealed that he had provided several reporters with access to documents he had taken from the National Security Agency. The subsequent carefully researched and thoughtfully written stories blew the lid off much of the secrecy that the National Security Agency, the Foreign Intelligence Surveillance Court, the Department of Justice, and the intelligence community had imposed on the communications surveillance in which our government had been engaging
On Snowden Anniversary, Microsoft Calls for Surveillance Reform (Threatpost) On the anniversary of the first news reports on NSA surveillance, Microsoft general counsel Brad Smith seized the opportunity to draw a line in the sand with the U.S. government
Zuckerberg, Nadella Ask Senate to Restrain NSA Spying (Bloomberg BusinessWeek) The chief executive officers of Microsoft Corp. (MSFT:US), Google Inc. (GOOG:US) and other technology companies are asking the U.S. Senate to muzzle the National Security Agency
No, Glenn Greenwald cannot be the one who decides what stays secret (The Week) In a world where anyone can claim to be a journalist, only government can decide what stays classified
NSA: Inside the FIVE-EYED VAMPIRE SQUID of the INTERNET (The Register) You may want to move to Iceland at this point
New whistleblower group encourages more efforts to inform public (McClatchy) A new whistleblower protection effort debuted this week, claiming that safeguards to shield employees who expose government activities from retaliation are not strong enough
I'm Willing to Die for Your Online Freedom (but I'm hoping it doesn't come to that). (Politico) My name is Brian Zulberti. I'm a lawyer. For the past three days I have been on a hunger strike outside the Supreme Court of the United States. I am going to remain here until coverage or death. More specifically, I want 90 seconds on a major national television network, during prime time, to warn the nation about the dangers of social media-related firings. I will fast until either I get that 90 seconds or I die
Fight internet surveillance, Reset The Net (Naked Security) It's a year since the name Edward Snowden became world famous and a year since we learned that the USA's National Security Agency has infiltrated the internet like an aggressive fungal mycelium
Strengthening standards for cybersecurity and surveillance (NewsDesk) Surveillance is a vital tool in the fight against terrorism and organised crime, but governments must do more to convince the public of its necessity
Jonathan Zittrain and L. Gordon Crovitz Debate the Future of Internet Governance (Harvard: Berkman Center for Internet and Society) The recent move by the United States to relinquish its role in the assignment of Internet names and numbers has generated a wide range of predictions for the future of Internet governance. Join Professor Jonathan Zittrain and Wall Street Journal Columnist Gordon Crovitz in a Google Hangout starting at 2:30pm as they debate the impact of ICANN's independence on the Internet and its role in society as an open platform
How Have We Changed? Evolving Views in the U.S. on Security and Liberty (IC on the Record) ODNI General Counsel Robert Litt at Wilson Center Panel on Surveillance, Security and Trust
DOD Cyber Architecture Takes Shape (InformationWeek) Military's cyber defense efforts remain a work in progress, officials say
Government studied Mega Cavern as cyber attack safety net (WAVE3) Housing super computers to protect the United States economy in caves under Louisville? The federal government spent millions of dollars on that very idea in a place many visit every day
Vice-minister calls US cybersecurity gripes hypocritical (China Daily) China has criticized the United States for being hypocritical and hegemonic in cybersecurity and urged it to stop eavesdropping on other countries and individuals, said a senior Chinese diplomat, following a series of spats between the two countries involving cyberspace
Litigation, Investigation, and Law Enforcement
Vodafone admits some governments have free rein to eavesdrop on calls (Engadget) Gone are the days when we thought governments could only access our phone calls through official, naive-sounding procedures like "warrants." Nevertheless, it's only now, after the whole Snowden / NSA blow-up, that companies like Vodafone are trying to be more transparent
Judge orders feds to preserve surveillance data (Politico) A federal judge affirmed Thursday that the U.S. Government must preserve records of National Security Agency surveillance relevant to ongoing lawsuits challenging the legality of the practice, including data gathered under a controversial provision allowing harvesting of foreigners' U.S.-based e-mail and social media accounts
How Researchers Helped Cripple CryptoLocker (Dark Reading) A Black Hat USA speaker will give the backstory on how he and others helped disrupt the infamous CryptoLocker operation, and what they learned about it
Man fined $8,000 for Istana website hack (The Straits Times) A businessman who was fined $8,000 yesterday for hacking into the Istana website is the first to be convicted of carrying out a cyber attack on a government website here
Police in Gloucestershire warn people to protect against cyber crime (Gloucestershire Echo) Gloucestershire Police are warning people to guard their computers against cyber attack in the wake of a Government alert issued by the UK's National Crime Agency
Facebook troll jailed for posting he was 'glad' teacher was murdered (Naked Security) A Facebook troll who posted disgusting messages about the classroom killing of a much-loved UK teacher, Ann Maguire, has been jailed for six weeks
Medical centre staff post woman's STD diagnosis on Facebook (Naked Security) A US woman is suing the University of Cincinnati (UC) Medical Center, alleging that their employees posted her private medical records onto Facebook
Alabama Prison Officers Jailed for Identity Theft (eSecurity Planet) Bryant Thompson was sentenced to 10 years in prison, and Quincy Walton was sentenced to seven years