Cyber Attacks, Threats, and Vulnerabilities
Israel hacks series of Hamas websites as soldiers enter Gaza (Jerusalem Post) The official Hamas website, along with other prominent Gazan sites, shows error messages due to army hacking
Israeli TV hijacked by Hamas hackers (Hot for Security) Some satellite TV viewers in Israel got a surprise on Monday, when their regular programming was interrupted by an unscheduled transmission calling for an end to Israeli airstrikes in Gaza
MH17 Crash: Full Transcript Of Alleged Phone Intercepts Between Russian Intelligence Officers (International Business Times) After flight MH17 was shot down over eastern Ukraine on Thursday, Ukrainian and Pro-Russian separatist authorities looked for someone to blame. Now, the Ukrainian security chief has accused two Russian intelligence officers of shooting down the Malaysia Airlines Boeing 777 based on phone intercepts
Russian State TV Edits Wikipedia to Blame Ukraine for MH17 Crash (Global Voices) A day after a horrific plane crash in eastern Ukraine claimed the lives of nearly 300 people, speculation about who is to blame for shooting down the aircraft is in full swing. Leaders of Ukraine, Russia, and even the separatists in Donetsk have all placed responsibility on each other. In Kyiv, President Poroshenko blamed rebels in the east and criticized Russia for destabilizing the border. In Moscow, Vladimir Putin claimed that Kyiv is accountable for anything that happens in Ukraine. Donetsk's putative leader denies any role in the attack on Malaysian Flight MH17, saying it must have been the Ukrainian Air Force
Why Putin Let MH17 Get Shot Down (Daily Beast) Russia has been escalating its war in Ukraine for weeks. The urgency to win turned to recklessness
Su Bin, Lode-Tech, And Privatizing Cyber Espionage In The PRC (Digital Dao) The criminal complaint against Chinese businessman Su Bin (aka Stephen Su, Stephen Subin) is a must-read. Be sure to read the Wall Street Journal article as well. It marks the first time that the FBI has issued an arrest warrant for a foreigner charged with an act of cyber espionage via a network attack that has until now been attributed solely to state actors like the PLA
Pushdo Trojan infects 11,000 systems in 24 hours (Help Net Security) Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period
Pushdo botnet gets DGA update, over 6,000 machines host new variant (SC Magazine) The Pushdo botnet, known for delivering a bevy of malware through its spamming module Cutwail, is being updated to leverage a new domain-generation algorithm (DGA)
Critroni Crypto Ransomware Seen Using Tor for Command and Control (Threatpost) There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control
Government-Grade Stealth Malware In Hands Of Criminals (Dark Reading) "Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools
New Mayhem malware targets Linux, UNIX servers (IT News) Infections found in Australia and New Zealand
WordPress plugin vulnerabilities affect 20 million downloads (ZDNet) Since May, security firm Sucuri has discovered critical WordPress plugin vulnerabilities affecting four plugins that have nearly 20 million downloads
Flaws found in Bitdefender enterprise endpoint manager (The Register) Hardcoded GravityZone creds to be wiped at month's end
Malcovery Security Issues Special Brief on the Asprox/Kuluoz Malware Used in EZPass Email Security Attack (Digital Journal) Malcovery®, the leader in delivering actionable intelligence that can be applied to neutralize the threats and actions by cyber criminals in the areas of phishing, spam and malware, released today a "Special Brief: Today's Top Threats Report: Asprox/Kuluoz Malware," a free threat intelligence briefing that details the malware that was used in the recent headline-making attacks on E-ZPass. Unfortunately, E-ZPass is the latest in a long list of brands infected by this dangerous malware
How I gained access to Amazon EC2 servers from Github Search (Appgrounds) GitHub is a great place to host public code repositories so you can share and show off your work. However, some unwary programmers will include sensitive information such as passwords or private keys in their git repos and push their code to the public, where it can be viewed by anyone who knows where to look. Github Search allows advanced filters that allow us to search for these private keys
Aloha point-of-sale terminal, sold on eBay, yields security surprises (IDG via Networkworld) Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal—a brand of computerized cash register widely used in the hospitality industry—on eBay for US$200
Multiple Cisco home products vulnerable to exploit (ZDNet) A flaw in many of the company's cable modems and residential gateways could allow a remote attacker to take control of the device
Don't put that duffel bag full of cash in the hotel room safe (The Register) Two words: default passcodes… and there's MORE
Security Patches, Mitigations, and Software Updates
Chrome for Android Update Fixes Critical URL Spoofing Bug (Threatpost) The latest update to Chrome on Android — pushed yesterday — fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site
Apple Implements Email Encryption in Transit for iCloud (Threatpost) Apple quietly began encrypting virtually all of the email flowing in and out of its servers for its iCloud.com, mac.com and me.com domains, a move that throws up an important roadblock for attackers and others attempting to snoop on those transmissions
Siemens Working on Patches for OpenSSL Bugs Under Exploit (Threatpost) Siemens says it is working on patches for four critical vulnerabilities in the OpenSSL libraries it uses in a number of its industrial control products, flaws that are being exploited in the wild
Cyber Trends
IT security pros prioritise new tech over training (SC Magazine) New research from IT security vendor Websense and Ponemon Institute indicates that security professionals want their companies to invest in new technology, but are doing little to 'upskill' existing staff
Windows XP use rises among Irish businesses (The Independent) New figures show that use of the condemned computer operating system Windows XP has increased in Ireland since Microsoft ceased security support for the system in April. The figures, from global statistics firm Statcounter, suggest that Irish businesses still using the system may be dragging their feet in upgrading to a more secure platform
Are endpoints the most vulnerable part of the network? (Help Net Security) Only 39% of companies have advanced endpoint security protections in place even though 74% consider endpoints to be "most vulnerable" to a cyber-attack, and 76% say the number of endpoints is rising
Community Defense: World Cup Insights (Imperva) While most sports fans followed World Cup matches and results anxiously, some of us number geeks decided to add another dimension of analytics to this beautiful game. We wanted to have some fun with the data that we gather during the World Cup from our crowd-sourced threat intelligence service, called Community Defense, and map that data to matches
Unlocking the hidden value of information (Help Net Security) Unstructured content accounts for 90% of all digital information. This content is locked in a variety of formats, locations, and applications made up of separate repositories, according to IDC
Marketplace
Firms ready to invest in special cyber-security softwares: Study (Economic Times) Ensuring safety of financial transactions is becoming a priority for the firms, as many of them are willing to invest in a software specifically designed to protect financial details, says a survey by Russian cyber security solutions provider Kaspersky and B2B International
Fortinet cyber security business opens HQ in Sunrise (Sun Sentinel) Cyber threats know no borders, so the business of cyber security is booming worldwide
Payment security firm BioCatch raises $10 million (Internet Retailer) The firm analyzes how consumers use computers and mobile devices to help detect online fraud
Agiliance Shortlisted for Three 2014 Golden Bridge Awards (MarketWatch) Management team recognized for industry achievements; RiskVision platform selected for innovations in governance, risk, and compliance
CSG Invotas Wins 2014 TMC Internet Telephony Labs Innovation Award (Wall Street Journal) CSG Invotas, the enterprise security business from CSG International (NASDAQ: CSGS), today announced that it has been selected as a 2014 Internet Telephony Labs Innovation Award winner
Tassie startup StratoKey headed to security stratosphere (CSO) After nearly three years in development, the May debut of a Tasmanian startup company's StratoKey security tool has been rewarded with a finalist berth in upcoming awards from security giant RSA and the opportunity for the founders to present to a massive audience of regional security-industry figures
Tenable's TRM Dashboard Eases Compliance with Singapore's Complex Financial Services Regulations (IT Business Net) Tenable Network Security®, Inc., the leader in continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance, today announced the new SecurityCenter Continuous View (CV)™ pre-defined IBTRM dashboard, which makes it easy for the Financial and Insurance Institution sector to comply with the complex regulatory environment created by the Monetary Authority of Singapore's Technology Risk Management Guidelines
Google's Business Chief Leaves The Company After A Decade (TechCrunch) Buried deep in Google's earnings release this afternoon was word of a pretty big management shift: Nikesh Arora, the company's Chief Business Officer, is leaving after a decade with the company
HP Appoints CEO Meg Whitman To Chairman Of The Board (TechCrunch) Meg Whitman just gained a bit more power within HP. The company's Board of Directors has appointed her to the chairman's spot following the departure of Ralph Whitworth earlier this week. Whitman was already serving as president and CEO of HP. She came on board following a tumultuous period of always-shifting leadership within HP and immediately set out to stabilize the
Products, Services, and Solutions
TrustPort Antivirus Software — The most interesting Software (Streetwise Tech) TrustPort antivirus software is the most interesting software nowadays. It has two scanning engines, AVG and BitDefender; however, it lacks some features that most antivirus software have. It is great at detecting and removing viruses, threats, malware and spyware. Unfortunately, it does not have the features for detecting new-generation viruses and threats
Review: Microsoft Security Essentials Trusted Freeware (Streetwise Tech) According to the latest estimates, with over 90% of the people across the world who own a personal computer or laptop making use of the Microsoft Windows operating system, Microsoft Security Essentials is in great demand. However, you need not fear. Microsoft Security Essentials always provides real-time antivirus and all the other protection for the home PC, which helps you guard against spyware or any other malicious software that can create a problem on your personal computer
Alert Logic Log Manager Delivers Security Insight and Compliance Visibility - Now Available on AWS Marketplace (IT Business Net) Alert Logic Log, IDS and WAF security solutions all now available for annual subscription
Bitglass Unveils Security Solution that Combines Flexibility of Public Cloud Apps with Security of Private Cloud Data (Digital Journal) Bitglass today launched a new cloud solution that enables enterprises to adopt the cloud apps that their business needs, while storing corporate data encrypted in their own private cloud. This new solution extends Bitglass' ability to secure corporate data anywhere it goes — in the cloud, on devices and at the point of access
U.S. Army Grants Certificate of Networthiness (CoN) for 21 SolarWinds® IT Management Products (MarketWatch) SolarWinds, a leading provider of powerful and affordable IT management software, today announced that the U.S. Army Network Enterprise Technology Command (NETCOM) has accredited 21 unique SolarWinds solutions with a new Certificate of Networthiness (CoN), empowering Army IT Professionals to implement the network, systems and security management solutions in their IT infrastructures. The software is also listed on the U.S. Army CHESS IT e-mart, providing an easy and approved way for Army IT Pros to purchase SolarWinds software
eScan Anti Virus Edition with Cloud Security Antivirus (Streetwise Tech) Before moving on to eScan Anti-Virus, it is necessary to discuss what the term anti-virus actually stands for. Antivirus, anti-virus, or AV software is computer software used to avert, recognize and remove malicious computer viruses
Snowden Says Drop Dropbox, Use SpiderOak (Wall Street Journal) Edward Snowden singled out cloud-storage provider Dropbox for lacking security measures he says would protect users from government snooping. He then plugged smaller competitor SpiderOak, which he says does
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying (Wired) The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata
Technologies, Techniques, and Standards
How to Deal With Internal Data Security Threats (WorkIntelligent.ly) Today, David Strom talks data security and how to protect yourself from attacks from the inside of your organization
How to Investigate a Bitcoin Mining Malware Infection (Bit9+CarbonBlack) In my previous blog, I explained Bitcoin mining and provided an overview of a new type of malware used by malicious Bitcoin miners. In today's post, I take a closer look at a specific sample of this new breed of malware
Even Script Kids Have a Right to Be Forgotten (Krebs on Security) Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That's because the breached databases crawled by this search engine are mostly sites frequented by young ne'er-do-wells who are just getting their feet wet in the cybercrime business
Is use-after-free exploitation dead? The new IE memory protector will tell you (Fortinet) The Isolated Heap for DOM objects included in the Microsoft Patch Tuesday for June 2014 was just a fire drill aimed at making the exploitation of use-after-free (UAF) vulnerabilities more difficult. The patch for July 2014, however, has been quite a shock to exploit developers! In this release, Microsoft showed some determination in fighting back against UAF bugs with this improvement - the introduction of a new memory protector in Microsoft Internet Explorer, which would make exploitation of UAF vulnerabilities extremely difficult
Mitigating UAF Exploits with Delay Free for Internet Explorer (TrendLabs Security Intelligence Blog) After introducing the "isolated heap" in the June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call "delay free." This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet Explorer does not free an object's heap space immediately when its reference count reaches zero
Successful Heartbleed response still raises important questions (TechTarget) Heartbleed, the vulnerability in the open source OpenSSL encryption library, left organizations across the globe scrambling to apply patches in April. Security experts warned the flaw may expose enterprises' most sensitive of data, including keys used for X.509 certificates, user credentials and online communications
After Heartbleed: New realities of open source software security (TechTarget) According to a recent survey, security and quality are two of the top reasons enterprises leverage open source software in the workplace. Yet, after the events of Heartbleed, many organizations are looking at open source software with a wary eye
Keeping the RATs out: **it happens — Part 2 (Internet Storm Center) As we learned in Part One of our exploration of Hazrat Supply's series of unfortunate events, our malicious miscreants favored multiple tools. We first discussed developing IOCs for HackTool:Win32/Zeloxat.A which opens a convenient backdoor on a pwned host. One note on that front, during analysis I saw network calls to zeroplace.cn (no need to visit, just trust me) and therefore added matching URI and DNS items to the IOC file. Again, I'll share them all completed for you in a day or two
Research and Development
MIT research shows the future of datacenter networking (ZDNet) High-performance Fastpass technology reduces lag by more than an order of magnitude
Spin Memory Shows Its Might (IEEE Spectrum) Spin-transfer-torque MRAM could edge out some mainstream memories
Academia
University to host US Cyber Challenge summer camp, competition (UDaily) The University of Delaware will be the host site for the 2014 U.S. Cyber Challenge (USCC) summer camp program to be held from July 21-25
France to offer programming in elementary school (ITWorld) Beginning this fall, French primary school students will have the option of learning computer science
Legislation, Policy, and Regulation
Merkel calls for 'sensible talks' over alleged US spying on Germany (The Guardian) German chancellor says talks on security and privacy needed to restore trust as US commentators defend surveillance of ally
Treasury's New Focus on Cyber-Risks (BankInfoSecurity) Treasury Secretary Jacob Lew this week took the precedent-setting step of publicly addressing what he referred to as the financial system's cybersecurity shortcomings. Lew's comments were noteworthy because they apparently mark the first time a member of the Treasury Department has directly addressed cyber-risks
Senate Weighs Botnet Busting Changes (infoRisk Today) The Obama administration wants Congress to update U.S. anti-hacking laws to allow law enforcement agencies to more easily crack down on fraudsters operating abroad, disrupt botnets used to distribute spam and distributed-denial-of-service attacks and bust "for hire" malware and botnet service providers
Guest Post: Would the USA Freedom Act End All Authorities for Bulk Collection? (Just Security) When the House passed the USA Freedom Act (H.R. 3361) in May, both Members and the administration announced that it would end bulk collection of metadata about Americans' communications. The administration is now urging Congress to pass the bill as soon as it can and Senators are now considering revisions to specific language in the House-passed bill
UN report strongly implies that NSA surveillance is violating international law (Vox) A new report from the UN High Commissioner for Human Rights suggests that several policies of the Obama administration — and specifically the National Security Agency — may violate international human rights norms
Net neutrality supporters: Deep packet inspection is a dangerous weapon (FierceEnterpriseCommunications) Network access providers should be disallowed from using DPI, and should provide regular reports to demonstrate they're not, suggests yet another group of Internet technology leaders
Australian Treasury backs mandatory data breach notification law (FierceITSecurity) Australia should enact a mandatory data breach notification law, recommends an interim report on the country's financial system by the Treasury
Litigation, Investigation, and Law Enforcement
Notorious Shylock banking malware taken out by law enforcement (Naked Security) Law enforcement action led by the National Crime Agency (NCA) in the UK has knocked out the infrastructure of a banking malware that infected at least 30,000 computers
Romanian gang used malware to defraud international money transfer firms (IDG via CSO) The cybercriminals targeted money transfer franchises in several European countries
ACLU joins appeal of Idaho woman suing NSA (FierceHomelandSecurity) More than a month after a federal judge struck down a lawsuit that an Idaho woman filed against the National Security Agency's collection of cellphone data, the American Civil Liberties Union and the Electronic Frontier Foundation have taken on the case in the appeals process
Microsoft's Bing follows Google in offering Europeans the 'right to be forgotten' (InfoWorld) Europe's top court gave people the right to have links to personal information removed from search listings in Europe
ATM Cash-Out Strikes Red Cross Accounts (GovInfoSecurity) Federal authorities have announced the successful prosecution of yet another member of an international cybercrime ring that's been tied to a global ATM cash-out scheme. This time, the scheme was linked to the exploitation of prepaid cards provided by the American Red Cross to disaster relief victims after the network hack of a payments processor used by the charity, investigators say
Snowden: NSA employees routinely pass around intercepted nude photos (Ars Technica) "These are seen as the fringe benefits of surveillance positions," Snowden says
State police spying on smartphones (Illinois Times) NSA-like eavesdropping has been used in Illinois since 2008
NCA and BAE Systems team up for online child porn cyber operation (V3) The NCA has used mysterious new technology to mount a co-ordinated sting operation that has already seen it arrest 660 suspected paedophiles
Retailer threatens critical reviewers on Amazon with "legal trouble" (Ars Technica) "It's bullying," a public interest lawyer says of the firm's tactics
Engineer Arrested Over Massive Benesse Holdings Data Leak (Softpedia) The Tokyo Metropolitan Police Department announced on Thursday, July 17, the arrest of a systems engineer for allegedly stealing private information of about 7.6 million customers of the education service provider Benesse Holdings