The CyberWire Daily Briefing 07.31.14

Cyber Trends

How safe is your quantified self? Tracking, monitoring, and wearable tech (Symantec Connect) Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking

Hackers to target managed IT services suppliers (MicroScope) The managed IT services market is worth over $142bn per annum and is set to grow dramatically in European countries such as the UK, according to research from MarketsandMarkets

PCI compliance contributes to false sense of security (Help Net Security) Despite industry data to the contrary, a new Tripwire retail cybersecurity survey indicates that organizations that rely on PCI compliance as the core of their information security program were twice as confident that they could detect rogue applications, such as those used to exfiltrate data

Heads in the Sand When It Comes to Small Business Security (Huffington Post) Last week I attended a round-table that explored how micro businesses are targeted by cybercriminals. It may be surprising to many people to learn just how at risk from cybercriminal activity even the smallest of businesses can be

Why retailers bear the brunt of security breaches (NetworkWorld) One security-ratings firm says breaches are often retailers' own fault for not dealing with security pro-actively

Target's VP of security: Collaboration is key (FierceRetailIT) Collaboration is the key to cyber security. This was the underlying message delivered by Target's (NYSE:TGT) security team as the retailer tries to move past the massive data breach of 2013

Protecting the Grid from Cyberattack (Verizon Enterprise Solutions) The U.S. energy infrastructure is aging: Seventy percent of the power transformers are more than 25 years old, and power plants, on average, are more than 30 years old. Yet threats — specifically, cyberthreats — are evolving at a greater rate than the grid can keep up with

Does The Internet Of Things Need Its Own Network? (PTC) As billions of Bluetooth-enabled mattresses, toothbrushes, dog collars, soccer balls — you name it — join the Internet of Things (IoT), the networks that bind them to smartphones, tablets and other devices inevitably will become crowded, leaving current Internet capacity inadequate to handle the influx. French Internet service provider Sigfox says the solution is to build a separate network specifically for "things" - See more at: http://blogs.ptc.com/2014/07/23/does-the-internet-of-things-need-its-own-network/#sthash.1vWGeAIJ.dpuf

Symantec's Gillett Says Biggest Cyber Threat Isn't What You Think (The Street) Companies are collecting an ever-increasing amount of information on their customers via the cloud and mobile devices. Faceless cyber attackers are licking their chops at an opportunity to profit

'Govt, people can make cyber space safe' (New Indian Express) Mobile phones now have more computing power than what National Aeronautics and Space Administration (NASA) had when they put man on moon, said former director of Global Cyber Security in Department of Homeland Security, the United States recently

A Look at PC Gamer Security (Webroot Threat Blog) In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks

Legislation, Policy and Regulation

Congress passed a cell-phone unlocking bill. But it won't do much. (Nextgov) Legislation to allow people to "unlock" their cell phones won unanimous support on Capitol Hill and is about to become law. But the bill won't have much practical effect for most people

Northrop CEO: Government officials should have the flexibility to get the job done (Washington Post) The key to more efficient government buying lies in giving federal workers greater freedom to make smart decisions, the leader of defense giant Northrop Grumman told a crowd of contracting professionals in a speech Monday

Products, Services, and Solutions

Splunk Adds Risk Scoring Framework to SIEM Platform (IT Business Edge) One of the more challenging aspects of IT security is the sheer volume of data that security professionals need to sort through to determine whether their organization has been compromised in some way

Alliance Key Manager Now Available on IBM Cloud Marketplace (Broadway World) Townsend Security today announced a partnership with IBM that brings the power of Alliance Key Manager to the IBM Cloud marketplace. Starting today, IBM clients can use Alliance Key Manager for IBM Cloud to manage their encryption keys with the same FIPS 140-2 compliant technology that is in the company's hardware security module (HSM) and in use by over 3,000 customers worldwide

Contrast Security Unveils Contrast For .NET, Enabling Microsoft .NET Web Applications To Continually Self-Test For Vulnerabilities (MarketWatch) New product enables consistent, enterprise-class security across Microsoft .NET web apps

Alert Logic Announces Security Solutions for Google Cloud Platform (MarketWatch) Alert Logic first to deliver IDS and log management capabilities to Google cloud customers

imatrix corp Launches CYREN WebSecurity Service in Japan (IT Business Net) CYREN (NASDAQ: CYRN) today announced an expansion of its partnership with Tokyo-based imatrix corp. imatrix will now offer the cloud-based CYREN WebSecurity service to its channel partners, telecom service providers as well as enterprises throughout the Japanese market

Appthority: Swisscom to Launch App (Insurance News Net) Appthority reported that Swisscom has launched a branded Mobile App Risk Management service powered by Appthority

KCS Group adds Sentinel to protect against cyber attack (MicroScope) Security firm KCS Group Europe continues to bolster the options it can deliver and has added Sentinel from ZoneFox to its portfolio to allow clients to monitor data interaction across their enterprise

Glasswall and NTT Com Security seal partnership (MicroScope) Glasswell Solutions continues to form partnerships to extend its abilities to counter cyber attacks after getting together with NTT Com Security to provide the channel with greater options in the face of ever growing threats

ForeScout and Rapid7 Partner to Deliver Real-time Assessment and Remediation Capabilities (IT News Online) ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced a partnership that will enable Rapid7 Nexpose and ForeScout CounterACT™ interoperability to address user demand for real-time assessment and mitigation of vulnerabilities, exposures and violations

Technologies, Techniques, and Standards

Ransomware and Cyber Extortion: What You Need to Know and Do (IBM Security Intelligence) Ransom, which refers to some kind of payment that is demanded in exchange for the release of someone or something that has been taken, is a simple yet effective ploy that has been used by criminals for thousands of years

Antivirus products riddled with security flaws, researcher says (PCWorld) It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned

FTP remains a security breach in the making (TechRepublic) Many IT administrators still rely on FTP to move files around on enterprise networks, download patches and share data. However, FTP poses some major security challenges and can leave networks open to intrusion

3 security mistakes small companies make and how to avoid them (Naked Security) Small businesses are in a tight spot; every organisation needs a basic level of computer security even if they don't have any technical employees

6 best practices to assure PCI compliance (Help Net Security) With recent PCI DSS compliance incidents costing companies millions of pounds in fines and losses and inflicting damage to valuable brand reputations, Netwrix is urging organizations processing payment cards to follow six best practices to safeguard against a security incident

5 Ways Boards Could Tackle Cybersecurity (InfoRiskToday) Putting cyber-speak into a language directors understand. A new handbook from National Association of Corporate Directors, titled "Cyber-Risk Oversight," offers five principles to guide boards of directors in helping their organizations address IT security threats

How security analytics help identify and manage breaches (Help Net Security) In this interview, Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more

Looking at insider threats from the outside (Help Net Security) Cybersecurity is a never-ending battle requiring around-the-clock attention. From malware to DDoS to APT attacks, front-line IT security teams are being constantly bombarded. With all this attention on external actors, many businesses do not take seriously enough the risk of insider threats — those acting from within the company

Tor Browser 3.6.3 — Use Tor on Windows, Mac OS X, or Linux without needing to install any software (Kitploit) The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked

Investigating the Dark Web — The Challenges of Online Anonymity for Digital Forensics Examiners (Forensic Focus) The recent rise in the number of people who suspect they may be being tracked on the internet, whether by government agencies, advertisers or nefarious groups, has led to increased interest in anonymising services such as TOR

Downloading Xplico (Infosec Institute) In this article we'll present Xplico, which is a network forensics tool installed in major digital forensics Linux distributions like Kali, Backtrack, Security Onion, DEFT, etc. In this tutorial, we'll take a look at the DEFT Linux distribution, which we can download from here: we need to download the 3GB large deft-8.1.iso file. Additionally, we can also take a look at the enclosed md5.txt file, which presents the MD5 hashes of the present files, presented on the picture below

The Complete Workflow of Forensic Image and Video Analysis (Forensic Focus) In this article we'll describe the complete workflow for image and video forensics. In fact, just like computer forensics is not only simply copying and looking at files, forensic video analysis is broad and complex and there are many steps that are commonly missed and rarely taken into account. It can be quite overwhelming if we think of all the tasks related to analysis. As a forensic video analyst, it is important to be aware of all the possible steps needed for a really complete analysis. This way, you can stay organized and minimize the possibility of skipping or missing steps. Also, if you do have to go to court, you have an outline that serves as the basis of your presentation

Marketplace

BAE Systems — Proposed acquisition of Signal Innovations Group (Twist) BAE Systems announces it has entered into an agreement for the proposed bolt-on acquisition of Signal Innovations Group, Inc. (SIG), a provider of imaging technologies and analytics to the US intelligence and defence communities

BlackBerry's motto: Never say die (FierceMobileIT) Nearly dead in 2013, BlackBerry has fought back under its new CEO John Chen to regain some momentum — particularly in the enterprise market

Cybersecurity Startup Gold Rush for Venture Capitalists (NetWork) According to PrivCo, a financial data provider on privately-held companies, venture capital firms are poised to push $788 million into early stage cybersecurity startups this year. This investment amounts to a 74% increase from last year's $452 million (note: see this article for more details)

Israeli Cyber StartUp ThetaRay Closes $10 Million Funding Round (Wall Street Journal) Israeli cyber security start-up ThetaRay Ltd., which makes software that detects anomalies in an organization's data, has closed a $10 million investment round

Darktrace Stars Among New Killer50 Companies (Business Weekly) Cambridge-based cyber security startup Darktrace zooms straight into a greatly changed line-up in The Killer50 rankings — making Business Weekly's list of the Cambridge Cluster's hottest technology companies in record time

ZeroFOX Recognized by CRN as a 2014 Emerging Vendor (PR.com) ZeroFOX, The Social Risk Management Company™, announced today it has been recognized as one of 2014's hottest emerging technology vendors by CRN, the top news source for solution providers and the IT channel. The annual Emerging Vendors list identifies up-and-coming technology vendors that have introduced innovative new products, creating opportunities for channel partners in North America to create high-margin, cutting-edge solutions for their customers

Fortinet Inc Becomes No. 2 Network Security Appliances Vendor in Asia Pacific (OppTrends) According to industry analyst firm IDC, the vendor overtook Check Point in Q4 2013 and maintained the lead in Q1 2014

Research and Development

OkCupid Sometimes Messes A Bit With Love, In The Name Of Science (NPR) OkCupid, the online dating site, disclosed Monday that they sometimes manipulate their users' profiles for experiments. Christian Rudder, co-founder and president of OkCupid, tells Audie Cornish that these experiments help the site improve how it works

Social media messes with our minds (ITWeb) Facebook raised everyone's ire when it did it and OKCupid crossed a line with its experiment. Yet the reality is that manipulation through social media channels — from Fakecations to click baiting — is more prevalent than people think, and users happily buy into the trend

Using Multiple Concepts to Secure IT (GovInfoSecurity) Imagine a cyber-attack that disables an electricity distribution center. What's the role of the U.S. military, government or the utility company in defending and retaliating? That's a question on the mind of Army Col. Gregory Conti

The NSA's Patents, in One Searchable Database (Foreign Policy) What do a voice identifier, an automated translator, a "tamper-indicating" document tube, and a supersecure manhole cover have in common? They're all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions

Security Patches, Mitigations, and Software Updates

Facebook Plans to Fix Instagram Mobile Session Hijack — Eventually (Threatpost) Two unrelated researchers this week disclosed a similar session hijack bug in the Instagram mobile applications for Android and iOS. Facebook has reportedly acknowledged the problem, which arose from a failure to fully encrypt all data traffic on the service, but the world's largest social network is in no rush to fully encrypt the mobile variety of its popular photo-sharing service

Cyber Attacks, Threats, and Vulnerabilities

Islamic State video wages psychological war on Iraqi soldiers (Reuters) Islamic State, the al Qaeda spin-off that seized wide swathes of Iraq almost unopposed last month, has released a video warning Iraqi soldiers who may still have some fight in them that they risk being rounded up en masse and executed

Canada's government set back one year by devastating Chinese cyber attack (ITProPortal) Canada's National Research Council (NRC) was hit by a sophisticated hack apparently initiating from China

China slams Canada for 'irresponsible' hacking accusations (Reuters) China's foreign ministry accused Canada on Thursday of making irresponsible accusations lacking any credible evidence after Canada singled out Chinese hackers for attacking a key computer network and lodged a protest with Beijing

Energetic Bear: more like a Crouching Yeti (SecureList) Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010. Targeted sectors include: Industrial/machinery, Manufacturing, Pharmaceutical, Construction, Education, [and] Information technology. Most of the victims we identified fall into the industrial / machinery building sector, indicating this is of special interest

Assessing MH17-Themed Cyber Threats (Recorded Future) In our webinar today we assessed the aftermath of the MH17 tragedy from a threat intelligence perspective. Together with our guest Rich Barger, Chief Intelligence Officer of Cyber Squared Inc., we expanded on our previous assessment to address MH17-themed cyber threats by blending open source intelligence (OSINT) with network-derived intel — with a particular focus on NetTraveler

Russian ransomware author takes the easy route (Symantec Security Response) Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim's computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files

New Crypto-Ransomware Emerge in the Wild (TrendLabs Security Intelligence Blog) One of the recent triumphs against cybercrime is the disruption of the activities of the Gameover ZeuS botnet. Perhaps what makes this more significant is that one major threat was also affected — the notorious CryptoLocker malware

Why the Security of USB Is Fundamentally Broken (Wired) Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work

Hackers Can Control Your Phone Using a Tool That's Already Built Into It (Wired) A lot of concern about the NSA's seemingly omnipresent surveillance over the last year has focused on the agency's efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited

Android Malware Hijacks Voice Assistant (Infosecurity Magazine) The bug needs no permissions to carry out its deeds. A new type of Android malware hijacks the Google Voice Search function to essentially blab sensitive data back to criminals

Android "FakeID" security hole causes a pre-BlackHat stir (Naked Security) Mobile control company Bluebox has created a bit of a pre-BlackHat stir about Android insecurity for the second year in a row

How anyone can hack your Instagram account (Naked Security) Stevie Graham, a security researcher who reported an authentication flaw in Instagram's iOS software a few days ago, was denied a bug bounty by Facebook

Hacking Facebook's Legacy API, Part 2: Stealing User Sessions (Stephen Sclafani) This is part two of my research on Facebook's legacy REST API

Tor, a Service for Protecting Identity, Says Network Breached (Wall Street Journal) Tor, a service used to cloak the identity of Internet users, says outsiders breached its network and tried to learn the identities of some users earlier this year

Tor hints at possible U.S. government involvement in recent attack (NetworkWorld via CSO) Anonymity network hacked with sophisticated traffic correlation technique

Tor security advisory: "relay early" traffic confirmation attack (Tor Project) On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks

Symantec Endpoint Protection vulnerabilities enable privilege escalation (SC Magazine) The vulnerabilities can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover

ICS-CERT warns of flaw in Innomiate MGuard secure cloud product (Threatpost) The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks

Multipath TCP introduces security blind spot (Threatpost) If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream

Gizmodo Brazil Compromised, Leads to Backdoor (TrendLabs Security Intelligence Blog) Recently, I learnt that attackers compromised Gizmodo's Brazilian regional site. The attackers were able to modify the Gizmodo main page to add a script which redirected them to another compromised website. This second compromised site was hosted in Sweden, and used a .se domain name. The attackers also uploaded a web shell onto this site (the site hosted in Sweden) to keep control of this server

SocialBlade.com Redirects to Exploit Kit (Softpedia) Popular websites are always a target for cybercriminals, and in a recent campaign, YouTube statistics tracker SocialBlade.com has been compromised to steer users to pages serving the Nuclear Pack exploit kit (EK)

Alert (TA14-212A) Backoff Point-of-Sale Malware (US-CERT) This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense

97% of Global 2000 remain vulnerable to due to Heartbleed (Help Net Security) 97 percent of Global 2000 organizations' public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation, according to Venafi. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL

Phishing: What Once Was Old Is New Again (Dark Reading) I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!

Key making apps provide convenience, but also risks (KTVU News) Key making is a daily grind for clerks at Brownie's Hardware Store in San Francisco

Huge data breach at Paddy Power bookmakers — details of over 649,000 customers stolen (Belfast Telegraph) There has been a huge data breach at Irish bookmakers Paddy Power, with the personal details of over 649,000 customers having been stolen

375 million customer records compromised in 2014 (Help Net Security) Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide. For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide

Free Wi-Fi — but it'll cost you your privacy (Naked Security) The UK city of York plans to roll out, citywide, the sweet, sweet candy of free Wi-Fi

Academia

FAU seeks entrepreneurs to create cybersecurity solutions (South Florida Business Journal) Florida Atlantic University is looking for entrepreneurs to dream up cybersecurity solutions. With recent data breaches at Target and Neiman Marcus getting consumers' attention, the university hopes to help companies prevent leaks

Elite cyber talent (UDaily) Students from around the state train to become cyber professionals

Litigation, Investigation, and Enforcement

ICANN can't hand over Iran's internet, bomb victims told (The Register) Why? Because nobody owns it

Russia says "Hand over your code." (Network Security Blog) Well, this should be interesting. The Russian Communications Minister suggested, rather strongly, that Apple and SAP share their source code with the Russian government so that it could be reviewed to make sure it wasn't being used to spy on Russian citizens. Yes, Russia is playing the privacy card to sneak a peek at the crown jewels of two of the biggest high tech companies in the world. Who says Russian politicians don't have a sense of humor?

China steps up the arms race in the digital cold war (Business Spectator) The digital cold war between China and the United States grew chillier still this week with a surprise raid of the offices of US technology giant Microsoft in four cities across China on Monday

We're Fighting the Feds Over Your Email (Wall Street Journal) Governments want the right to see email stored anywhere in the world. Microsoft says not so fast

MICROSOFT: The Government Has A Sneaky Way Of Forcing Tech Companies To Turn Over Your Emails (Business Insider) Microsoft's general counsel Brad Smith announced in a Wall Street Journal op-ed Tuesday night that the company will fight a tactic used by the U.S. government to force tech companies to turn over customers' emails stored on remote servers

Was fleeing the country Snowden's best option? (ABC PM) While Julian Assange himself is still stuck in a room in Ecuador's embassy in London, the NSA (National Security Agency) whistleblower Edward Snowden is in Moscow, where he got stuck on his way from Hong Kong more than a year ago

The NSA Is Being Sued for Keeping Keith Alexander's Financial Records Secret (Motherboard) Former NSA Director Keith Alexander's lucrative entrance into the private sector has raised a heap of ethical questions about the spy chief's intentions

NSA sued over fears that former director is selling secrets (Russia Today) The National Security Agency has received its fair share of lawsuits since former contractor Edward Snowden began to disclose secret documents last year, and now the NSA is being taken to court for failing to produce files about its former director

A 24-Year-Old Allegedly Used A Simple But Brilliant Scam To Cheat Apple Out Of $300,000 (Business Insider) Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, according to Tampa Bay Times' Patty Ryan

Hacker Charged with Breaching Multiple Government Computers and Stealing Thousands of Employee and Financial Records (FBI Washington Field Office) Lauri Love, 29, of Stradishall, England, was indicted today by a federal grand jury in the Eastern District of Virginia on charges of conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft

Court OKs Stingray Use in Wisconsin Murder Plot (The Blot) The Supreme Court of Wisconsin upheld a murder suspect's conviction this week after police located the man using a controversial cellphone surveillance tool known as a Stingray

Design and Innovation

NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22 (ZDNet) With one week until the eve of America's biggest and most controversial hacker conference, we've got a hotlist of explosive talks set to go off at DEF CON 22

Inside Citizen Lab, the "Hacker Hothouse" protecting you from Big Brother (Ars Technica) Globe-spanning white hat network hacked for the Dalai Lama, inspired arms legislation

What privacy settings tell you about the profound differences between Google and Apple (Quartz) When you install an app on an Android smartphone or tablet, it asks for access to data such as your location or address book. If you say no, you can't install the app. Not surprisingly, this puts some people off

Overstock's Radical Plan to Reinvent the Stock Market With Bitcoin (Wired) Overstock.com and its swashbuckling CEO, Patrick Byrne, are hoping to create a new kind of corporate stock based on the computer software that drives bitcoin, aiming to overhaul the stock market in much the same way that bitcoin overhauled how we store and exchange money

World War II Codebreaking Center Is Reborn After Being in Disrepair (eWeek) During the war, the center in England was an invaluable resource for deciphering encoded enemy communications. Now, it's a museum that showcases that history