The CyberWire Daily Briefing 12.22.14

Cyber Trends

Cyber-war or cyber-peace? (Security Affairs) Equilibria in cyberspace are evidently unstable and many experts believe that we are in the midst of a cyber-war… there is the urgency of a regulation

Why cyber warfare is so attractive to small nations (Fortune) Enabled by Internet connectivity, cyber war provides more bang for the buck than investment in conventional weapons

Government hacks and security breaches skyrocket (CNN) The North Korean hack of Sony Pictures that unleashed proprietary information, leaked embarrassing emails and brought the multi-billion dollar company's operations to its knees was unprecedented. But cyber security and intelligence experts warn that this is only the beginning

The Internet's Winter Of Discontent (Dark Reading) The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world's connected economy is that the hits just keep on coming

Cybercrime will continue to evolve (Help Net Security) The breadth and depth of the data breaches seen by the world in 2014 was shocking — spanning major banks, e-commerce giants, healthcare giants, casinos and others, exposing hundreds of millions of usernames, passwords and credit card details. The coming year will be no different, and businesses and consumers need to be prepared for continued changes in the cybercrime landscape

Security News No One Saw Coming In 2014 (Dark Reading) John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year

5 Worst Security Fails of 2014 (Tom's Guide) From start to finish, 2014 was chock-full of embarrassing security failures. Executives' emails, starlets' nude photos and your credit-card numbers all got into the hands of bad people who seemed to run rampant over the Internet without restraint

Top 10 Social Media Fails Of 2014 (InformationWeek) Businesses learn lessons the hard way when their social media posts go wrong. Have a look at the businesses that made this year's naughty list

Are Electronic 'Back Doors' Unintentionally Helping Hackers? (Knowledge @ Wharton) For global insurance firms, cyberattacks have become the most threatening of all emerging risks, according to a survey conducted recently by Guy Carpenter & Co., the risk and reinsurance specialists. Over the past two years, hackers have infiltrated major airlines, energy companies and defense firms, among many other businesses

Don't Mug Me For My Password! (InformationWeek) In today's information-based world, crooks are targeting mobile devices -- and the data on them. The healthcare industry is particularly vulnerable

How will your data be at risk in 2015 (ITProPortal) The world of information security is, as we know, a constant arms race between the hackers and cyber criminals and the protection industry

2015 Industry Predictions Part 3: Defense, Response, Collaboration (Infosecurity Magazine) No industry sector can afford to stand still or rest on its laurels, but the burden of adapting to new challenges falls particularly heavily on infosec professionals. Failing to keep up with change in some other aspect is unlikely to affect an organization as badly as outdated security practice and policy. You only need to open a newspaper to see evidence of that

OPSWAT Survey Finds Malware Breaches in Companies Commonplace (PRWeb) 51% of surveyed IT administrators experienced a recent malware breach, emphasizing the importance of employee education and multi anti-malware scanning

Legislation, Policy and Regulation

EU to demand 2-factor for online payments by August 2015? (Naked Security) The European Banking Authority (EBA), the EU body tasked with supervising and regulating the banking sector, has issued a new set of guidelines on the security of internet payments

Positive steps on the road towards harmonization of global cybersecurity risk management frameworks (Microsoft Cyber Trust Blog) Around the world, governments are pursuing initiatives to protect their cyberspace, developing national cybersecurity strategies, considering information sharing incentives, and assessing baseline security protections. Two important initiatives with the potential to be impactful far beyond national borders have been unveiled in the European Union (EU) and the United States over the past two years. First, the U.S. government encouraged businesses to adhere to a set of technical and organizational recommendations in its voluntary Cybersecurity Framework. Now, the EU is discussing the Network and Information Security (NIS) Directive, legislation that envisions mandatory cybersecurity requirements, the scope and detail of which will be critical to its effectiveness

Morocco, a strategic partner in anti-terror cooperation with Sahel-Sahara Countries, EU (North Africa Post) The European Union recognized the strategic role played by Morocco in anti-terror struggle as indispensable and called for enhanced cooperation between the North African nation and the countries of the Sahel-Sahara region in order to fight more effectively terrorist networks

Chertoff: We Need a Clear Doctrine of Deterrence to Cyber Attacks (TIME) And just as we did not abandon our aviation system after 9/11, we should defy demands that we curtail our free speech

Obama could stifle North Korea's shakedown of Sony (Washington Times) The American people now have a censor — North Korean dictator Kim Jong Un, and they can thank President Obama's failure to defend their rights to free speech and privacy

White House Issues Impotent Response to Cyber Attack (Breitbart) The White House, in its usual impotent way, responded to the cyber attack on Sony Studios with a barrage of verbiage. White House spokesman Josh Earnest intoned that the attacks were executed by a "sophisticated actor with malicious intent… We believe that this destructive activity merits an appropriate response. There are a range of options that are under consideration right now. The president considers this to be a serious national security matter"

Lawmakers laud 'historic' cyber laws (The Hill) The cyber bills signed into law Thursday by President Obama are "a historic step in bolstering our national security," said Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.)

Congressional Passage of Cybersecurity Bill Is a Triumph for Automation, Groups Say (Power) The Cybersecurity Enhancement Act of 2014 that cleared Congress last week and was presented to President Obama on Monday has the backing of automation organizations

CISA Supporters Use Sony Pictures Security Breach To Push Bill (GamePolitics) We knew it wouldn't be long before some politicians and bureaucrats took the opportunity to use Sony Pictures' recent security breach as a way to push questionable cybersecurity legislation. The White House declared the Sony security breach a "national security issue" yesterday and today the FBI claimed that North Korea was directly involved in the hack

Egypt relieves spy chief for 'health reasons' (World Bulletin) Al-Sisi has appointed Gen. Khaled Fawzi, head of the National Security Agency, as the acting intelligence chief

Products, Services, and Solutions

The App That Makes It Incredibly Easy For Hackers To Break Into Your iPhone Just Got Even Scarier (Business Insider) Elcomsoft Phone Breaker, the app that some think hackers used to break into Kate Upton's iCloud account in September, just got a massive update that makes it even easier to steal information

OpenDNS Partners With Three Security Vendors To Mount Unified Defense Against Cybercriminals (CRN) Hackers and cybercriminals share intelligence, so why shouldn't security solutions?

Security app warns of threats, leads users to safety (PoliceOne) Experience police and military veterans alert civilians of nearby threats and guide them to safety

Pulse Secure Simplifies Secure Device Onboarding and Compliance for BYOD (Business Wire) Pulse Secure, a leading provider of access and mobile security solutions to the enterprise and service providers, today released new functionality for its Connect Secure and Policy Secure solutions that simplify the deployment of secure network access services and address key challenges of BYOD. The new solutions offer automated onboarding of PCs and mobile devices, streamlined remote connectivity and expanded compliance enforcement

Technologies, Techniques, and Standards

WatchGuard Technologies Urges Action, Not Panic for IT Professionals in Face of Sony Attack (Virtual Strategy Magazine) WatchGuard's Global Director of Security Strategy predicted a "Hollywood"-worthy infrastructure attack a year ago today

Decrypt This: OS Security Showdown (Digital Trends) 2014 has been a tumultuous year for personal security. Through the continuing revelations of NSA leaks, North Koreans shutting down Sony, and the big bad bug that made everyone's Heart Bleed, the past twelve months have shown that the hairiest of hacks are almost always in the last place you'd think to look

Hacking And The Honeypot Trap (Design & Trend) Earlier this year, the U.S. Postal Service was hacked

Cloud VPN Security Recommendations (Infosec Institute) A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public network (like the Internet) as if the nodes were located in the same private network. Since the communication is transferred across the public network, it must be properly encrypted to prevent eavesdropping. When a user is connected to the VPN connection, he/she can access the extended network services the same way as if they were located with its private network

Smart grid security certification in Europe (Help Net Security) ENISA issues a report on smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries

Buck Rogers Leads BOE's Hackersin 21st Century Cyberwar (Bloomberg) Buck Rogers is the man behind the Bank of England's latest cyber security campaign. Unlike the comic book hero, he doesn't battle radioactive mutants or aliens. His foes are the 21st century humans who use computers as weapons

Endpoint security fundamentals: The business case for antimalware protection (TechTarget) Expert Ed Tittel explains why all organizations, no matter their size, need to protect endpoints with antimalware products

Cybercriminals won't take a vacation this holiday season (Help Net Security) The holiday period is a time to celebrate with family and loved ones. Unfortunately, cybercriminals will use the season to take advantage of businesses as IT staff and end users relax their guard heading into the end of year. With that in mind, GFI Software is reminding both organizations and consumers to stay vigilant this year and is providing helpful tips on how to increase online safety and spot attempts at holiday cybercrime

Marketplace

Post Sony hack, security appliance market remains red-hot (Channel Mics) Growing security concerns continue to boost appliance sales

Sony Hack Fallout Highlights Value Of IT Security Spending, Analyst Says (TheStreet) The hacking of Sony's (SNE) Sony Pictures unit shows that spending more on IT security is worthwhile for companies, Wells Fargo analyst Gray Powell wrote in a note to investors today

Venture capitalist Ted Schlein anoints the next hot cybersecurity startups (Christian Science Monitor: Passcode) Schlein talks about his latest investments, some of the myths about cybersecurity, and what it will take for the new crop of security startups to keep up with sophisticated hackers

BlackBerry Completes Acquisition of German Anti-Eavesdropping Firm (SecurityWeek) Smartphone maker BlackBerry Limited announced on Friday that it has completed its acquisition of Secusmart GmbH, a provider of high-security voice and data encryption and anti-eavesdropping solutions

Symantec: A Long-Term Investment Opportunity In An Attractive Tech Stock (Seeking Alpha) Symantec is the second top-ranked stock in my portfolio. Symantec will continue to benefit from the increasing demand for anti-hacking tools and from its new partnership with HP to develop a new Disaster Recovery as-a-Service solution. Symantec is generating strong cash flows and returns value to its shareholders by stock buybacks and dividend payments

Startup Profile: Seculert Prioritizes Response Over Prevention (InformationWeek) The cloud security newcomer Seculert aims to identify and validate data breaches to enable faster response and remediation

Verint Receives 2014 Asia Pacific Market Share Leadership Award from Frost & Sullivan for Seventh Consecutive Year (CSO) Verint® Systems Inc. (NASDAQ: VRNT) today announced that it has received the "2014 Asia Pacific Market Share Leadership Award" from Frost & Sullivan. This marks the seventh consecutive year that Verint has received this distinction in the Call Monitoring Systems category from the global analyst and consultancy firm, underscoring its innovation, growth, strong partner ecosystem, and ability to help customers achieve their business goals through the use of proven quality monitoring and customer engagement optimisation solutions

Tenable Network Security Earns GSN Homeland Security Award for Best Continuous Monitoring Solution (Herald Online) Tenable Network Security®, Inc., the leader in continuous network monitoring, today announced it has been named a winner of the GSN 2014 Homeland Security Awards in the Best Continuous Monitoring Solution category

Gartner's Magic Quadrant positions Gemalto as a leader in user authentication (Globe Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has again been positioned as a Leader in Gartner's December 1, 2014 Magic Quadrant for User Authentication, out of the 18 vendors assessed by Gartner. The vendors surveyed in the Magic Quadrant are evaluated based on two main criteria: completeness of vision and ability to execute

FortyCloud Wins UP-START 2014 Cloud Award for Best Cloud Security Solution (Virtual Strategy Magazine) FortyCloud today announced that it has been selected as the winner for Best Cloud Security Solution at the 2014 UP-START Cloud Awards

Hexis Appoints EMEA Executives to Oversee HawkEye and NetBeat Product Lines; Strategic New Hires Help Define Sales Approach and Foster Growth (Nasdaq) Expanded European and Middle East presence marked by onboarding a dozen new associates and strong momentum signing VAR partners

Security Patches, Mitigations, and Software Updates

Google Introduces Content Security Policy for Gmail (Computer Business Review) W3C standard to be deployed on the desktop version of Gmail

Vulnerability Note VU#852879: Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (CERT &#124 Software Engineering Institute &#124 Carnegie Mellon University) The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keyserview The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys

Cyber Attacks, Threats, and Vulnerabilities

Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb (Bloomberg) Hackers who broke into Sony Corp.'s Hollywood unit probably spent months collecting passwords and mapping the network before they committed a last act of vandalism, setting off a virus that wiped out data and crashed the system in 10 minutes

Sony Executives Suspect an Insider in the Cyberattack (Movie News Guide) While North Korea is still the main suspect to the massive cyberattack against Sony on Nov. 24, 2014, the executives of the company are starting to suspect it was an inside job. They assure that no outside source could perfectly hack Sony's network

Sony Hackers Used a Half-Dozen Recycled Cyber-Weapons (Bloomberg) The cyber attack that turned Sony's movie studio upside down relied heavily on old software and schemes, according to research from an Israeli cybersecurity company

FBI Officially Concludes That North Korea Is Responsible for the Sony Hack (Softpedia) The investigation into the incident is not over yet, but from the clues found by its agents, the FBI has drawn the conclusion that the North Korean government is responsible for the attack on Sony network

U.S. Finally Officially Condemns Sony Cyber-Attack by North Korean Cyber-Terrorists (eNews Channels) John Kerry, U.S. Secretary of State made the following statement today in Washington, D.C.: The United States condemns North Korea for the cyber-attack targeting Sony Pictures Entertainment and the unacceptable threats against movie theatres and moviegoers. These actions are a brazen attempt by an isolated regime to suppress free speech and stifle the creative expression of artists beyond the borders of its own country

Homeland Security chief calls Sony hack 'an attack on our freedom of expression' (The Verge) On the heels of today's FBI statement officially naming North Korea as responsible for the hack on Sony Pictures, Homeland Security chief Jeh Johnson has put out a statement denouncing the attack and emphasizing his department's cybersecurity efforts. "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees," Johnson said in the statement. "It was also an attack on our freedom of expression and way of life." The release of The Interview, which is thought to have provoked the attack, has been cancelled, and the attackers have asked Sony Pictures executives to erase all traces of the film to prevent future leaks. President Obama is expected to address the matter later today

UPDATED — FBI Confirms N. Korea Behind Sony Attack; Admin May Put Back On Terrorism List (HS Today) The FBI confirmed Friday that as a result of its investigation into the cyber attack targeting Sony Pictures Entertainment "in close collaboration with other US government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions"

North Korea denies hacking Sony, U.S. stands by its assertion (Reuters) North Korea said on Saturday U.S. accusations that it was involved in a cyberattack on Sony Pictures were "groundless slander," and that it wanted a joint investigation into the incident with the United States

North Korea proposes joint probe with U.S. into Sony cyber attack: KCNA (Reuters) North Korea proposed a joint investigation with the United States on the cyber attack against Sony Pictures, calling the charge by the FBI that it was behind the attack "slander", state media said on Saturday

Obama vows U.S. response to North Korea over Sony cyber attack (Reuters) President Barack Obama vowed on Friday to respond to a devastating cyber attack on Sony Pictures that he blamed on North Korea, and scolded the Hollywood studio for caving in to what he described as a foreign dictator imposing censorship in America

Obama: North Korea's actions are cybervandalism, not war (McClatchy) President Barack Obama said Sunday that he does not think a recent North Korean cyberattack against Sony Pictures Entertainment was "an act of war." But, he told CNN's Candy Crowley on "State of the Union" that it was a very expensive act of cybervandalism

U.S. Asks China to Help Rein In Korean Hackers (New York Times) The Obama administration has sought China's help in recent days in blocking North Korea's ability to launch cyberattacks, the first steps toward the "proportional response" President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials

Opinion: In response to Sony hack, US should focus on China not North Korea (Christian Science Monitor: Passcode) President Obama has few good options from deterring North Korea from attacking — but he might be able to convince Beijing

What does a cyber counterattack look like? (Politico) President Barack Obama promised at his year-end news conference Friday that the U.S. will respond "proportionally" to North Korea's cyberattack against Sony Pictures Entertainment, but the conventional options available to him are ineffective, merely symbolic or a bad risk because they might lead to a larger military conflict

U.S. should respond aggressively to cyber attack, expert says (Hawaii Reporter) The attack on Sony Pictures and threats to the movie industry cannot be tolerated, one of the nation's leading security experts says. Lynn Mattice is president and CEO of the National Economic Security Grid, a non-profit organization focused on educating small and medium sized enterprises on a broad range of threats they face

What should the U.S. do in response to North Korea? Nothing more (GeekWire) The past 24 hours have seen the Sony hack attack take us even further into new, uncharted territory

North Korea barely has the Internet. And that could be good defense in a cyberwar. (Washington Post) The U.S. government on Friday publicly named North Korea as the culprit in a destructive cyberattack against Sony Pictures Entertainment. But what exactly the United States can do about it is unclear, especially if the government wants to launch a counter cyberattack against the secretive nation

What we know about North Korea's cyberarmy (IDG via CSO) The attack on Sony Pictures has put North Korea's cyberwarfare program in the spotlight. Like most of the internal workings of the country, not much is known but snippets of information have come out over the years, often through defectors and intelligence leaks

For North Korea's cyber army, long-term target may be telecoms, utility grids (Reuters) The hacking attack on Sony Pictures may have been a practice run for North Korea's elite cyber-army in a long-term goal of being able to cripple telecoms and energy grids in rival nations, defectors from the isolated state said

North Korea's legacy of terrorism goes far beyond hacking (Washington Post) A disastrous hack of Sony Pictures and the subsequent cancellation of "The Interview" has rightly been taken as a sign of the growing threat of cyberwarfare in the modern age. Many observers now wonder whether North Korea's actions (assuming it really is North Korea) constitute some new form of online terrorism

US officials blame North Korea, but absolute attribution in Sony hack may be elusive (Christian Science Monitor: Passcode) Investigators can take weeks and even months to piece together an attack, especially a major one of the kind that hit Sony. Even then, it's often impossible to assign blame with 100 percent accuracy

Security experts: FBI report light on evidence linking North Korea to Sony hack (Christian Science Monitor: Passcode) The FBI statement that linked the Sony hack to North Korea relied on previously released and inconclusive evidence, said many cybersecurity insiders

Pro-DPRK Groups like Chongryon Could Be Aiding In #SonyHack: FBI Provides An Update Including Some Tech Details (ThreatBrief) The FBI just posted the first official written articulation of why they believe North Korea is linked to the ongoing Sony Hack

Iran Another Suspect Behind Sony Cyberattack (AP via CBS News) The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on the North Koreans

Sony hack reveals threat of 'psychological' cyber warfare (The Hill) The Sony Pictures hack has forced Americans to confront an aspect of cyber warfare common overseas but rarely discussed domestically — psychological cyberattacks

A Former Sony Pictures Exec Defends The Decision To Pull ‘The Interview’ (TechCrunch) Late last week, TechCrunch had a chat with former Sony Pictures Chief Digital Strategy Officer Mitch Singer to discuss the motivations that likely went into Sony deciding to pull "The Interview" from theaters and the implications of that decision

"The Interview" Censorship Protestors Screen Chaplin's Hitler Parody "The Great Dictator" (TechCrunch) A clandestine invite to a "secret screening to protest against censorship" of The Interview did not lead to a showing of the North Korea-skewering film at the center of the Sony Pictures hack. It did raise money for free speech charity Article 19, though. Instead, attendees in London, Rome, and San Francisco who were instructed to come "dressed in a dark suit, and bring a small gift for a stranger" were shown screenings of Charlie Chaplin's The Great Dictator

Sony hack adds to security pressure on companies (San Diego Union-Tribune) Faced with rising cybercrime like the attack on Sony Pictures Entertainment, companies worldwide are under pressure to tighten security but are hampered by cost and, for some, reluctance to believe they are in danger

The High Water Mark? (Security Info Watch) The Sony hack and subsequent damage control should mean something to every business owner

Game Change: Three Reasons Why #SonyHack Will Change Security (CTOVision) UPDATED: on 12/19/14, the FBI officially declared North Korea to be the aggressor behind the Sony Pictures Entertainment hack. The evidence published is circumstantial and probably would not stand up to scrutiny in a court of law. However, we do not know what other out-of-band information, such as SIGINT, HUMINT, and intelligence from other nations' intelligence agencies may have played into this determination. We do know it is highly unusual to conclusively determine attribution of an attack, especially this soon after the attack has occurred

South Korea nuclear plant operator says hacked, raising alarm (Reuters) Computer systems at South Korea's nuclear plant operator have been hacked, the company said on Monday, sharply raising concerns about safeguards around nuclear facilities in a country that remains technically at war with North Korea

South Korean Nuclear Operator Holds Cyberattack Drills After Hack (TIME) Hackers threaten people to "stay away" from three nuclear reactors unless they are closed by Christmas

Private School Threatened: Pay $1M or Cyber-Attack (NBC Philadelphia) Hot on the heels of the infamous Sony hack, Pine Forge Academy in Berks County is facing a similar threat if it doesn't pay $1 million to a person claiming to be with a group called Heart of the People

Information-stealing 'Vawtrak' malware evolves, becomes more evasive (Naked Security) Vawtrak, as we described in detail in our recent technical paper, is a dangerous banking Trojan that is actively being updated and improved on a regular basis

New Zeus variant targets users of 150 banks (Help Net Security) A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan

Solo attacker likely responsible for phishing campaign, delivering Zeus variant (SC Magazine) Phishing emails, a phishing kit and phony browser alerts are being used to steal credentials and deliver a variant of the Zeus trojan, and researchers with PhishLabs — the security firm that identified the threat — believe the operations are being carried out by a single individual

TorrentLocker Ransomware Spreading Fast: Report (Infopackets) A new report from security firm ESET finds that the TorrentLocker ransomware scam has now encrypted an estimated 285 million files. Unfortunately, ESET security experts don't see the rate of infections dropping off any time soon

CryptoLocker Copycat Hits Australians via Emails (Softpedia) A new ransomware trying to monetize on the name of the infamous CrytoLocker ransomware has been observed to be served to unsuspecting Australians in emails claiming to be from the Office of State Revenue, in connection to paying a fine for speeding

Gang Hacked ATMs from Inside Banks (KrebsOnSecurity) An organized gang of hackers from Russia and Ukraine has broken into internal networks at dozens of financial institutions and installed malicious software that allowed the gang to drain bank ATMs of cash. While none of the victim institutions were in the United States or Western Europe, experts say the stealthy methods used by the attackers in these heists would likely work across a broad range of western banks

Tor warns users of possible attempt to disable its network (Pando Daily) The Tor Project has issued a statement warning that it has learned of a possible "attempt to incapacitate our network in the next few days." The statement doesn't identify the source of the alleged threat but warns an attack might come "through the seizure of specialized servers in the network called directory authorities"

The 'grinch' isn't a Linux vulnerability, Red Hat says (PCWorld) The "grinch" Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat

Linux 'GRINCH' vuln is AWFUL. Except, er, maybe it isn't (Register) Securo-bods in bunfight over priv-escalation problem

Serious NTP security holes have appeared and are being exploited (ZDNet) A network time protocol security hole has been discovered and there are reports that exploits already exist for it and are being used in attacks

It Starts With an Email… How a Hacking Gang Has Stolen $17 Million From Banks and Retailers Since 2013 (Tripwire: the State of Security) Researchers at Group-IB and Fox-IT have today published a detailed report, exploring a Russian hacking gang called Anunak which has successfully stolen over one billion rubles ($17 million) from the banking industry and Western retailers

AutoIT-based POS Malware 'Sparks' Fresh Threat (Infosecurity Magazine) A variant of the Alina malware, used to scrape credit card (CC) data from point of sale (POS) software, has been rampaging its way through the wild lately — using a sophisticated twist in approach that involves AutoIT

Staples comes clean: 1+ million bank cards at risk after hack (Register) Run for the tills! Run for the tills!

Alert (TA14-353A): Targeted Destructive Malware (US-CERT) US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool

Misfortune Cookie Takes Bite Out of Internet Security (Tom's Guide) This cookie wants to take a bite out of you: A serious security flaw called Misfortune Cookie affects more than 12 million routers, modems and other "gateway devices" — as well as all the devices connected to them, from computers, smartphones and tablets to "smart home" devices such as toasters, refrigerators, security cameras and more

Vulnerability Note VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager (CERT &#124 Software Engineering Institute &#124 Carnegie Mellon University) Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device. According to Check Point's advisory, the vulnerability was addressed by Allegro in 2005 but is present in current or recent firmware releases of many devices

ICANN: The TRUTH about that hacker attack on our DNS zone file database (Register) But vague details raise questions about org's security

Cheap Black Friday/Cyber Monday Android tablets riddled with vulnerabilities and security headaches (ZDNet) Cheap tablets on offer over Black Friday and Cyber Monday may have seemed like a good deal, but security researchers warn that some of these devices may be riddled with vulnerabilities, security misconfigurations, or even security backdoors

48,000 Federal Employees Potentially Affected by Second Background Check Hack (Nextgov) The Office of Personnel Management is alerting more than 48,000 federal employees their personal information may have been exposed following a breach at KeyPoint Government Solutions, which conducts background investigations of federal employees seeking security clearances

Security breach at JMU releases thousands of employees' data ( The Breeze) On Dec. 11, it was found that an electronic file containing about 2,800 current and former JMU faculty and staff members had been accessed, according to Assistant Vice President of Information Technology Dale Hulvey

Hack hijacks electric skateboards, dumps hipsters in the gutter (Register) Hack hijacks electric skateboards, dumps hipsters in the gutter

Impersonator Bots See Steady Increase in Traffic (Infosecurity Magazine) Botnets are used for a variety of tasks, for everything from legitimate and innocent search engine indexing and RSS feed compilation to mass-scale hack attacks, DDoS floods, spam schemes and click-fraud campaigns. In its latest report on the state of the bot, Incapsula found that found that malicious bot traffic is growing, while "good bot" activity continues to decline

Bulletin (SB14-356): Vulnerability Summary for the Week of December 15, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Litigation, Investigation, and Enforcement

Is there a cyber security equivalent of 'SEAL Team Six'? (Fortune) When a cyber breach goes down…who you gonna call? Many different U.S. government agencies, it turns out

EFF: Feds can't get around Fourth Amendment via automated data capture (Ars Technica) At hearing for years-old digital snooping case, EFF and DOJ lawyers face off

Fake money forum founder charged with counterfeiting (Naked Security) A US national based in Uganda has been charged with running a major global counterfeiting operation, which used an online forum to connect buyers and sellers of forged currency

Design and Innovation

Bitcoin-based messaging could slip past censors (Naked Security) A computer science student in the Netherlands has built a way to weave messaging into the underpinnings of Bitcoin that's both cheap and resistant to censorship