Cyber Attacks, Threats, and Vulnerabilities
Anonymous Hacktivists Prepare For Strike Against ISIS 'Supporters' (Forbes) The hacktivist group Anonymous is planning to launch a series of digital attacks against nations it accuses of funding or arming the radical Islamic terror group ISIS
Israeli Defense Forces official Blog Hacked by Syrian Electronic Army (HackRead) Syrian Electronic Army has made a major comeback by hacking and defacing the official blog of Israel Defense Forces (IDF) yesterday
Banking malware sniffs out data sent over HTTPS (Help Net Security) Careful online banking users can sometimes spot that something is amiss when malware installed on their computer pops up phishing pages or adds fields to legitimate banking forms. But the Emotet banking malware doesn't bother with that, and sniffs out data sent over secured connections instead
Exploiting wildcards on Linux (Help Net Security) DefenseCode released an advisory in which researcher Leon Juranic details security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug
How does a rogue ad network function? (Help Net Security) It's a well known fact that a considerable chunk of Internet traffic is bogus, made by infected computers that visit sites and click on adverts chosen by malicious actors
Anatomy of an Android SMS virus — watch out for text messages, even from your friends! (Naked Security) SophosLabs just brought to our attention an item of malware of a sort you don't often see these days
Warning signs corporate computers could be talking to cloud-based malware (CSO) Experts weigh in on detecting malware talking to corporate computers from a cloud service provider
ICS Malware Found on Vendors' Update Installers (Threatpost) Malware targeting industrial control systems has infected the update installers belonging to three known industrial control vendors, according to an advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Benjamin F. Edwards Co. Discloses Data Breach Affecting Customers (Forbes) The brokerage house, Benjamin F. Edwards & Co., disclosed yesterday that they had suffered a data breach due to an unknown intruder
Experimental evidence of massive-scale emotional contagion through social networks (PNAS) We show, via a massive (N = 689,003) experiment on Facebook, that emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. We provide experimental evidence that emotional contagion occurs without direct interaction between people (exposure to a friend expressing an emotion is sufficient), and in the complete absence of nonverbal cues
Facebook's 'creepy' secret study: Were you a target? (Emirates 24/7) Secretly manipulated feelings of 700,000 users to understand "emotional contagion"
Facebook is learning the hard way that with great data comes great responsibility (Quartz) Facebook released the results of a study where its data scientists skewed the positive or negative emotional content that appeared in the news feeds of nearly 700,000 users over the course of a week in order to study their reaction. The study found evidence of "emotional contagion," in other words, that the emotional content of posts bled into users' subsequent actions
Facebook's massive psychology experiment likely illegal (BoingBoing) Researchers from Facebook, Cornell and UCSF published a paper describing a mass-scale experiment in which Facebook users' pages were manipulated to see if this could induce and spread certain emotional states. They say it was legal to do this without consent, because Facebook's terms of service require you to give consent for, basically, anything
The Numinous Veil Of Ignorance (TechCrunch) I seem to be on the wrong side of the Facebook experiment issue. I'm referring to the news which broke recently that Mark Zuckerberg himself (no, not really) conducted an experiment in 2012 to test whether influencing what a user sees in turn affects what they post. If they were shown more negative material, for example, did they become more negative? The answer is yes. The conclusion? Facebook seems able to influence our moods (well, sort of)
Bulletin (SB14-181) Vulnerability Summary for the Week of June 23, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Google Drive update fixes data-leaking flaw (Help Net Security) Google has fixed a security issue that made some of the files stored on Google Drive and shared with friends or colleagues via a direct link potentially reachable by unauthorized third parties, and calls on users to remove previously shared documents
Microsoft stops email notification services (CSO) On Friday, Microsoft told security notification subscribers that the service would halt operations on July 1
Microsoft Kills Security Emails, Blames Canada (Krebs on Security) In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company's recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software
Cyber Trends
Why security awareness matters (Help Net Security) In this interview, Paulo Pagliusi, CEO at MPSafe Cybersecurity Awareness, talks about the value of security awareness and how it influences the overall security posture of an organization
Marketplace
Threat-Intel Sharing Communities Spring Up to Aid Network Defenders (eWeek) Security technology companies are offering an expanding menu of choices for corporate network defenders who want to keep up on the latest cyber-threats
Lockheed Martin develops hybrid cloud for Air Force (C4ISR & Networks) Lockheed Martin is developing a hybrid cloud that will enable the U.S. Air Force to migrate to a cloud-based system. Lockheed claims that this will offer lower costs, better service and greater agility for 800,000 Air Force users
Keeping pace with cyber training (C4ISR & Networks) Report after report continues to surface warning about the shortage of properly skilled cyber security resources. Last year, the DHS inspector general reported that the National Cybersecurity and Communications Integration Center "does not have sufficient resources to provide specialized training to incident responders." The report documented that between 2009 and 2013 only 10 of the 22 analysts (about 45 percent) had the needed technical training
ZeroFOX Supports Maryland Tech Workforce as Member of the Central Maryland IT/Cyber Consortium (PR.com) ZeroFOX, The Social Risk Management Company™, announced that the Central Maryland IT/Cyber Consortium has been awarded an implementation grant through EARN (Employment Advancement Right Now) Maryland. The grant funds will be used to develop an innovative workforce development program and provide Marylanders with hands-on training and education through apprenticeships at partner companies
BlackBerry Swipes At Android Security (InformationWeek) In response to Google I/O announcements, BlackBerry criticizes Android's lack of security. On point, or sour grapes?
Products, Services, and Solutions
Barracuda NG Firewall extends support for Microsoft centric deployments (Telecom Tiger) Barracuda Networks on Friday announced the availability of new capabilities supporting Microsoft deployments in the areas of Windows Remote Desktop Services, virtualization and public cloud
AxCrypt. It's Good And Bad News. (Gizmo's Freeware) Last week I recommended that you take a look at Cryptainer if you need a replacement for the now-defunct TrueCrypt encryption product. A handful of people have suggested that another free program, AxCrypt, is also a suitable replacement, and I promised to take a look at it. So here goes
Panda Security Launches Panda Advanced Protection Service (IT News Online) Panda Security has launched Panda Advanced Protection Service (PAPS), a new managed service for monitoring applications which uses a disruptive approach as opposed to the traditional system of detecting malware based on blacklists
Exclusive: A review of the Blackphone, the Android for the paranoid (Ars Technica) Custom-built with privacy in mind, this handset isn't for (Google) Play
Technologies, Techniques, and Standards
EC touts standardised cloud SLAs for European businesses (CloudPro) EU guidelines will provide a silver-lining for those struggling to migrate cloudwards
Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA) (Cisco Blogs) Spurred by the Health Insurance Portability and Accountability Act (HIPAA), which outlined a set of standards and guidelines for the protection and transmission of individual health information, as well as the subsequent amendment to address standards for the security of electronic protected health information, customers often ask me the following questions
Ethical hacking: Getting inside the minds of cyber criminals (CSO) Just when you think you've got yourself all covered on the security front, an attack comes out of nowhere and bites you on the arse. You think to yourself: How did I not see that coming?
Security Compliance Primer and Buying Guide (eSecurity Planet) Security compliance is a complex and sometimes onerous task. Here we offer advice on best practices that can help, along with a guide to available tools
Design and Innovation
Anonymous Social Messaging Discovers That Location Matters (TechCrunch) Apparently secrets are better if you share them with those closest to you — geographically
Research and Development
The Space-Based Quantum Cryptography Race (MIT Technology Review) Europe and China are gaining the upper hand in the race to bounce perfectly secure messages off satellites in low Earth orbit
Legislation, Policy, and Regulation
Steinmeier urges clearer regulations in NSA-inspired US-German 'cyber dialogue' (Deutsche Welle) The German lower house of parliament has canceled its contract for Internet usage with US company Verizon, announcing the move on the first day of a special "cyber dialogue" conference tied to the NSA espionage scandal
Surveillance cooperation with US goes back years (The Local (Denmark)) Newly-obtained documents reveal that Denmark has been "in good company" with American intelligence agencies since the 1990s
New N.S.A. Chief Calls Damage From Snowden Leaks Manageable (New York Times) The newly installed director of the National Security Agency says that while he has seen some terrorist groups alter their communications to avoid surveillance techniques revealed by Edward J. Snowden, the damage done over all by a year of revelations does not lead him to the conclusion that "the sky is falling"
Groups Target Hill Votes On NSA Bills (Broadcasting and Cable) EFF, Sunlight grading legislators on privacy legislation
Groups fear bill would allow free flow of data between private sector and NSA (Computerworld) Cybersecurity Information Sharing Act of 2014 is a big threat to individual privacy, say privacy groups
US National Security Agency releases murky transparency report (The Inquirer) Clear as mud. The United States National Security Agency (NSA) has released its first transparency report
Striking a cyber balance between state, federal authorities (Federal Times) Say you're a public utility and you're under cyber attack. Who do you call? Local authorities? State government offices? The feds? The best option isn't always clear
24th AF hosts ANG GO Cyber Summit (Lompoc Record) Air National Guard leaders from across the country gathered in San Antonio June 4-6 for the ANG General Officer Cyber Summit
EXCLUSIVE Obama Poised to Yank Top Military Intel Pick (Foreign Policy) The Obama administration is poised to abandon its pick to run the sprawling Defense Intelligence Agency amid two ongoing investigations into whether programs she had overseen have been marred by questionable and potentially illegal spending, according to administration officials and congressional sources with knowledge of the matter
Malaysia Should Set Up Cyber Command Centre, Says Expert (Bernama) Malaysia needs to set up a cyber command centre to coordinate actions by the authorities and industry players in facing cyber attacks, suggested an expert in information security
Saudi king sacks deputy defence minister — royal court (Reuters) Saudi Arabia's King Abdullah sacked the deputy defence minister on Saturday less than two months after he was appointed, the state news agency reported
Iran, Qatar to cooperate against 'terror' (Daily Star) The leaders of Shiite Iran and Sunni Qatar vowed Sunday to cooperate to fight "terrorism in the region", President Hassan Rouhani's office reported as Iraqi forces counter a militant onslaught
Litigation, Investigation, and Law Enforcement
Ex-NSA chief under scrutiny over speculated secrets leak (ZDNet) Irony aside, a lawmaker has pointedly reminded former NSA chief Keith Alexander that selling classified information is a felony
MP demands inquiry into secret psych tests on Facebook members (The Times) An MP has called for an investigation into how social networks manipulate their users after learning of research by Facebook that proved it could alter its customers' mood
Joint Statement From the Office of the Director of National Intelligence and the Department of Justice on the Declassification of Renewal of Collection Under Section 501 of the Foreign Intelligence Surveillance Act (IC on the Record) On March 28, 2014, the Director of National Intelligence (DNI) declassified and disclosed publicly that the U.S. government had filed an application with the Foreign Intelligence Surveillance Court (FISC) seeking renewal of the authority to collect telephony metadata in bulk, and that, on March 28, 2014, the FISC renewed that authority. The DNI also announced that the Administration was undertaking a declassification review of the FISC's March 28th Primary Order
The Law's Vital Role in America's Intelligence Debate (Real Clear Defense) In his essay, "National Security Lawyers a National Security Threat," Marshall Erwin disparages national security lawyers for, in his view, putting the nation's security at risk. In the process of doing so, Erwin inadvertently makes a compelling case for why national security lawyers play a vital role in helping to guide those who make and execute national security policies
Facebook's facing a losing battle to protect users' privacy (Naked Security) Last year, prosecutors in Manhattan held Facebook up by the ankles and shook out personal data on 381 users — a mugging that Facebook so far hasn't had any luck in fighting