More Signal. Less Noise.

V3 | Issue 244 | 12.22.14

The CyberWire Daily Briefing 12.22.14

Summary

By The CyberWire Staff

Several bits of information about the Sony hack come to light. The attack apparently involved months of preparation: reconnaissance and planting of "time bombs." The attack code used in the campaign reportedly involved a great deal of recycled techniques and malware (which leads to lingering suspicion that Iranian suppliers may have been involved). And Sony is said to still suspect some insider collaboration with external attackers.

Voices of skepticism aside, the US sticks to its attribution of the attack (which President Obama characterizes as an act of cybervandalism as opposed to cyberwar) to North Korea. The DPRK, of course, denounces the attribution as "slander," and cheekily offers to help the Americans with their inquiry. That offer will obviously be declined, but the US is seeking help from China, specifically a blockade of DPRK Internet access. The "proportional" response the US is mulling could also include information operations, difficult enough in a country that's largely airgapped itself through censorship and a policy of poverty, but still something the Kim regime seems to fear.

Many observers continue to speculate that Kim's long game is infrastructure attacks (and indeed there was recently a successful hack of a South Korean nuclear power provider — attribution unclear, but nominally the work of anti-nuclear hacktivists), but its proximate effect has been to increase business fears of cyber-extortion.

Ordinary cyber criminals, naturally, remain active. Banking Trojans Vawtrak and Zeus circulate in evolved, dangerous variants. Gangs install ATM malware from within banks. Office retailer Staples discloses a point-of-sale breach.

Notes.

Today's issue includes events affecting Australia, Bolivia, China, Egypt, European Union, France, Germany, Iran, Iraq, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Morocco, Netherlands, Russia, Spain, Syria, Uganda, United Kingdom, and United States.

The CyberWire staff will be taking Christmas off to celebrate the holiday with their families. Regular publication will resume December 26 (interrupted again for New Year's Day, then resuming as usual on January 2).

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb (Bloomberg) Hackers who broke into Sony Corp.'s Hollywood unit probably spent months collecting passwords and mapping the network before they committed a last act of vandalism, setting off a virus that wiped out data and crashed the system in 10 minutes

Sony Executives Suspect an Insider in the Cyberattack (Movie News Guide) While North Korea is still the main suspect to the massive cyberattack against Sony on Nov. 24, 2014, the executives of the company are starting to suspect it was an inside job. They assure that no outside source could perfectly hack Sony's network

Sony Hackers Used a Half-Dozen Recycled Cyber-Weapons (Bloomberg) The cyber attack that turned Sony's movie studio upside down relied heavily on old software and schemes, according to research from an Israeli cybersecurity company

FBI Officially Concludes That North Korea Is Responsible for the Sony Hack (Softpedia) The investigation into the incident is not over yet, but from the clues found by its agents, the FBI has drawn the conclusion that the North Korean government is responsible for the attack on Sony network

U.S. Finally Officially Condemns Sony Cyber-Attack by North Korean Cyber-Terrorists (eNews Channels) John Kerry, U.S. Secretary of State made the following statement today in Washington, D.C.: The United States condemns North Korea for the cyber-attack targeting Sony Pictures Entertainment and the unacceptable threats against movie theatres and moviegoers. These actions are a brazen attempt by an isolated regime to suppress free speech and stifle the creative expression of artists beyond the borders of its own country

Homeland Security chief calls Sony hack 'an attack on our freedom of expression' (The Verge) On the heels of today's FBI statement officially naming North Korea as responsible for the hack on Sony Pictures, Homeland Security chief Jeh Johnson has put out a statement denouncing the attack and emphasizing his department's cybersecurity efforts. "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees," Johnson said in the statement. "It was also an attack on our freedom of expression and way of life." The release of The Interview, which is thought to have provoked the attack, has been cancelled, and the attackers have asked Sony Pictures executives to erase all traces of the film to prevent future leaks. President Obama is expected to address the matter later today

UPDATED — FBI Confirms N. Korea Behind Sony Attack; Admin May Put Back On Terrorism List (HS Today) The FBI confirmed Friday that as a result of its investigation into the cyber attack targeting Sony Pictures Entertainment "in close collaboration with other US government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions"

North Korea denies hacking Sony, U.S. stands by its assertion (Reuters) North Korea said on Saturday U.S. accusations that it was involved in a cyberattack on Sony Pictures were "groundless slander," and that it wanted a joint investigation into the incident with the United States

North Korea proposes joint probe with U.S. into Sony cyber attack: KCNA (Reuters) North Korea proposed a joint investigation with the United States on the cyber attack against Sony Pictures, calling the charge by the FBI that it was behind the attack "slander", state media said on Saturday

Obama vows U.S. response to North Korea over Sony cyber attack (Reuters) President Barack Obama vowed on Friday to respond to a devastating cyber attack on Sony Pictures that he blamed on North Korea, and scolded the Hollywood studio for caving in to what he described as a foreign dictator imposing censorship in America

Obama: North Korea's actions are cybervandalism, not war (McClatchy) President Barack Obama said Sunday that he does not think a recent North Korean cyberattack against Sony Pictures Entertainment was "an act of war." But, he told CNN's Candy Crowley on "State of the Union" that it was a very expensive act of cybervandalism

U.S. Asks China to Help Rein In Korean Hackers (New York Times) The Obama administration has sought China's help in recent days in blocking North Korea's ability to launch cyberattacks, the first steps toward the "proportional response" President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials

Opinion: In response to Sony hack, US should focus on China not North Korea (Christian Science Monitor: Passcode) President Obama has few good options from deterring North Korea from attacking — but he might be able to convince Beijing

What does a cyber counterattack look like? (Politico) President Barack Obama promised at his year-end news conference Friday that the U.S. will respond "proportionally" to North Korea's cyberattack against Sony Pictures Entertainment, but the conventional options available to him are ineffective, merely symbolic or a bad risk because they might lead to a larger military conflict

U.S. should respond aggressively to cyber attack, expert says (Hawaii Reporter) The attack on Sony Pictures and threats to the movie industry cannot be tolerated, one of the nation's leading security experts says. Lynn Mattice is president and CEO of the National Economic Security Grid, a non-profit organization focused on educating small and medium sized enterprises on a broad range of threats they face

What should the U.S. do in response to North Korea? Nothing more (GeekWire) The past 24 hours have seen the Sony hack attack take us even further into new, uncharted territory

North Korea barely has the Internet. And that could be good defense in a cyberwar. (Washington Post) The U.S. government on Friday publicly named North Korea as the culprit in a destructive cyberattack against Sony Pictures Entertainment. But what exactly the United States can do about it is unclear, especially if the government wants to launch a counter cyberattack against the secretive nation

What we know about North Korea's cyberarmy (IDG via CSO) The attack on Sony Pictures has put North Korea's cyberwarfare program in the spotlight. Like most of the internal workings of the country, not much is known but snippets of information have come out over the years, often through defectors and intelligence leaks

For North Korea's cyber army, long-term target may be telecoms, utility grids (Reuters) The hacking attack on Sony Pictures may have been a practice run for North Korea's elite cyber-army in a long-term goal of being able to cripple telecoms and energy grids in rival nations, defectors from the isolated state said

North Korea's legacy of terrorism goes far beyond hacking (Washington Post) A disastrous hack of Sony Pictures and the subsequent cancellation of "The Interview" has rightly been taken as a sign of the growing threat of cyberwarfare in the modern age. Many observers now wonder whether North Korea's actions (assuming it really is North Korea) constitute some new form of online terrorism

US officials blame North Korea, but absolute attribution in Sony hack may be elusive (Christian Science Monitor: Passcode) Investigators can take weeks and even months to piece together an attack, especially a major one of the kind that hit Sony. Even then, it's often impossible to assign blame with 100 percent accuracy

Security experts: FBI report light on evidence linking North Korea to Sony hack (Christian Science Monitor: Passcode) The FBI statement that linked the Sony hack to North Korea relied on previously released and inconclusive evidence, said many cybersecurity insiders

Pro-DPRK Groups like Chongryon Could Be Aiding In #SonyHack: FBI Provides An Update Including Some Tech Details (ThreatBrief) The FBI just posted the first official written articulation of why they believe North Korea is linked to the ongoing Sony Hack

Iran Another Suspect Behind Sony Cyberattack (AP via CBS News) The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on the North Koreans

Sony hack reveals threat of 'psychological' cyber warfare (The Hill) The Sony Pictures hack has forced Americans to confront an aspect of cyber warfare common overseas but rarely discussed domestically — psychological cyberattacks

A Former Sony Pictures Exec Defends The Decision To Pull ‘The Interview’ (TechCrunch) Late last week, TechCrunch had a chat with former Sony Pictures Chief Digital Strategy Officer Mitch Singer to discuss the motivations that likely went into Sony deciding to pull "The Interview" from theaters and the implications of that decision

"The Interview" Censorship Protestors Screen Chaplin's Hitler Parody "The Great Dictator" (TechCrunch) A clandestine invite to a "secret screening to protest against censorship" of The Interview did not lead to a showing of the North Korea-skewering film at the center of the Sony Pictures hack. It did raise money for free speech charity Article 19, though. Instead, attendees in London, Rome, and San Francisco who were instructed to come "dressed in a dark suit, and bring a small gift for a stranger" were shown screenings of Charlie Chaplin's The Great Dictator

Sony hack adds to security pressure on companies (San Diego Union-Tribune) Faced with rising cybercrime like the attack on Sony Pictures Entertainment, companies worldwide are under pressure to tighten security but are hampered by cost and, for some, reluctance to believe they are in danger

The High Water Mark? (Security Info Watch) The Sony hack and subsequent damage control should mean something to every business owner

Game Change: Three Reasons Why #SonyHack Will Change Security (CTOVision) UPDATED: on 12/19/14, the FBI officially declared North Korea to be the aggressor behind the Sony Pictures Entertainment hack. The evidence published is circumstantial and probably would not stand up to scrutiny in a court of law. However, we do not know what other out-of-band information, such as SIGINT, HUMINT, and intelligence from other nations' intelligence agencies may have played into this determination. We do know it is highly unusual to conclusively determine attribution of an attack, especially this soon after the attack has occurred

South Korea nuclear plant operator says hacked, raising alarm (Reuters) Computer systems at South Korea's nuclear plant operator have been hacked, the company said on Monday, sharply raising concerns about safeguards around nuclear facilities in a country that remains technically at war with North Korea

South Korean Nuclear Operator Holds Cyberattack Drills After Hack (TIME) Hackers threaten people to "stay away" from three nuclear reactors unless they are closed by Christmas

Private School Threatened: Pay $1M or Cyber-Attack (NBC Philadelphia) Hot on the heels of the infamous Sony hack, Pine Forge Academy in Berks County is facing a similar threat if it doesn't pay $1 million to a person claiming to be with a group called Heart of the People

Information-stealing 'Vawtrak' malware evolves, becomes more evasive (Naked Security) Vawtrak, as we described in detail in our recent technical paper, is a dangerous banking Trojan that is actively being updated and improved on a regular basis

New Zeus variant targets users of 150 banks (Help Net Security) A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan

Solo attacker likely responsible for phishing campaign, delivering Zeus variant (SC Magazine) Phishing emails, a phishing kit and phony browser alerts are being used to steal credentials and deliver a variant of the Zeus trojan, and researchers with PhishLabs — the security firm that identified the threat — believe the operations are being carried out by a single individual

TorrentLocker Ransomware Spreading Fast: Report (Infopackets) A new report from security firm ESET finds that the TorrentLocker ransomware scam has now encrypted an estimated 285 million files. Unfortunately, ESET security experts don't see the rate of infections dropping off any time soon

CryptoLocker Copycat Hits Australians via Emails (Softpedia) A new ransomware trying to monetize on the name of the infamous CrytoLocker ransomware has been observed to be served to unsuspecting Australians in emails claiming to be from the Office of State Revenue, in connection to paying a fine for speeding

Gang Hacked ATMs from Inside Banks (KrebsOnSecurity) An organized gang of hackers from Russia and Ukraine has broken into internal networks at dozens of financial institutions and installed malicious software that allowed the gang to drain bank ATMs of cash. While none of the victim institutions were in the United States or Western Europe, experts say the stealthy methods used by the attackers in these heists would likely work across a broad range of western banks

Tor warns users of possible attempt to disable its network (Pando Daily) The Tor Project has issued a statement warning that it has learned of a possible "attempt to incapacitate our network in the next few days." The statement doesn't identify the source of the alleged threat but warns an attack might come "through the seizure of specialized servers in the network called directory authorities"

The 'grinch' isn't a Linux vulnerability, Red Hat says (PCWorld) The "grinch" Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat

Linux 'GRINCH' vuln is AWFUL. Except, er, maybe it isn't (Register) Securo-bods in bunfight over priv-escalation problem

Serious NTP security holes have appeared and are being exploited (ZDNet) A network time protocol security hole has been discovered and there are reports that exploits already exist for it and are being used in attacks

It Starts With an Email… How a Hacking Gang Has Stolen $17 Million From Banks and Retailers Since 2013 (Tripwire: the State of Security) Researchers at Group-IB and Fox-IT have today published a detailed report, exploring a Russian hacking gang called Anunak which has successfully stolen over one billion rubles ($17 million) from the banking industry and Western retailers

AutoIT-based POS Malware 'Sparks' Fresh Threat (Infosecurity Magazine) A variant of the Alina malware, used to scrape credit card (CC) data from point of sale (POS) software, has been rampaging its way through the wild lately — using a sophisticated twist in approach that involves AutoIT

Staples comes clean: 1+ million bank cards at risk after hack (Register) Run for the tills! Run for the tills!

Alert (TA14-353A): Targeted Destructive Malware (US-CERT) US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool

Misfortune Cookie Takes Bite Out of Internet Security (Tom's Guide) This cookie wants to take a bite out of you: A serious security flaw called Misfortune Cookie affects more than 12 million routers, modems and other "gateway devices" — as well as all the devices connected to them, from computers, smartphones and tablets to "smart home" devices such as toasters, refrigerators, security cameras and more

Vulnerability Note VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager (CERT &#124 Software Engineering Institute &#124 Carnegie Mellon University) Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device. According to Check Point's advisory, the vulnerability was addressed by Allegro in 2005 but is present in current or recent firmware releases of many devices

ICANN: The TRUTH about that hacker attack on our DNS zone file database (Register) But vague details raise questions about org's security

Cheap Black Friday/Cyber Monday Android tablets riddled with vulnerabilities and security headaches (ZDNet) Cheap tablets on offer over Black Friday and Cyber Monday may have seemed like a good deal, but security researchers warn that some of these devices may be riddled with vulnerabilities, security misconfigurations, or even security backdoors

48,000 Federal Employees Potentially Affected by Second Background Check Hack (Nextgov) The Office of Personnel Management is alerting more than 48,000 federal employees their personal information may have been exposed following a breach at KeyPoint Government Solutions, which conducts background investigations of federal employees seeking security clearances

Security breach at JMU releases thousands of employees' data ( The Breeze) On Dec. 11, it was found that an electronic file containing about 2,800 current and former JMU faculty and staff members had been accessed, according to Assistant Vice President of Information Technology Dale Hulvey

Hack hijacks electric skateboards, dumps hipsters in the gutter (Register) Hack hijacks electric skateboards, dumps hipsters in the gutter

Impersonator Bots See Steady Increase in Traffic (Infosecurity Magazine) Botnets are used for a variety of tasks, for everything from legitimate and innocent search engine indexing and RSS feed compilation to mass-scale hack attacks, DDoS floods, spam schemes and click-fraud campaigns. In its latest report on the state of the bot, Incapsula found that found that malicious bot traffic is growing, while "good bot" activity continues to decline

Bulletin (SB14-356): Vulnerability Summary for the Week of December 15, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Google Introduces Content Security Policy for Gmail (Computer Business Review) W3C standard to be deployed on the desktop version of Gmail

Vulnerability Note VU#852879: Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (CERT &#124 Software Engineering Institute &#124 Carnegie Mellon University) The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keyserview The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys

Cyber Trends

Cyber-war or cyber-peace? (Security Affairs) Equilibria in cyberspace are evidently unstable and many experts believe that we are in the midst of a cyber-war… there is the urgency of a regulation

Why cyber warfare is so attractive to small nations (Fortune) Enabled by Internet connectivity, cyber war provides more bang for the buck than investment in conventional weapons

Government hacks and security breaches skyrocket (CNN) The North Korean hack of Sony Pictures that unleashed proprietary information, leaked embarrassing emails and brought the multi-billion dollar company's operations to its knees was unprecedented. But cyber security and intelligence experts warn that this is only the beginning

The Internet's Winter Of Discontent (Dark Reading) The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world's connected economy is that the hits just keep on coming

Cybercrime will continue to evolve (Help Net Security) The breadth and depth of the data breaches seen by the world in 2014 was shocking — spanning major banks, e-commerce giants, healthcare giants, casinos and others, exposing hundreds of millions of usernames, passwords and credit card details. The coming year will be no different, and businesses and consumers need to be prepared for continued changes in the cybercrime landscape

Security News No One Saw Coming In 2014 (Dark Reading) John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year

5 Worst Security Fails of 2014 (Tom's Guide) From start to finish, 2014 was chock-full of embarrassing security failures. Executives' emails, starlets' nude photos and your credit-card numbers all got into the hands of bad people who seemed to run rampant over the Internet without restraint

Top 10 Social Media Fails Of 2014 (InformationWeek) Businesses learn lessons the hard way when their social media posts go wrong. Have a look at the businesses that made this year's naughty list

Are Electronic 'Back Doors' Unintentionally Helping Hackers? (Knowledge @ Wharton) For global insurance firms, cyberattacks have become the most threatening of all emerging risks, according to a survey conducted recently by Guy Carpenter & Co., the risk and reinsurance specialists. Over the past two years, hackers have infiltrated major airlines, energy companies and defense firms, among many other businesses

Don't Mug Me For My Password! (InformationWeek) In today's information-based world, crooks are targeting mobile devices -- and the data on them. The healthcare industry is particularly vulnerable

How will your data be at risk in 2015 (ITProPortal) The world of information security is, as we know, a constant arms race between the hackers and cyber criminals and the protection industry

2015 Industry Predictions Part 3: Defense, Response, Collaboration (Infosecurity Magazine) No industry sector can afford to stand still or rest on its laurels, but the burden of adapting to new challenges falls particularly heavily on infosec professionals. Failing to keep up with change in some other aspect is unlikely to affect an organization as badly as outdated security practice and policy. You only need to open a newspaper to see evidence of that

OPSWAT Survey Finds Malware Breaches in Companies Commonplace (PRWeb) 51% of surveyed IT administrators experienced a recent malware breach, emphasizing the importance of employee education and multi anti-malware scanning

Marketplace

Post Sony hack, security appliance market remains red-hot (Channel Mics) Growing security concerns continue to boost appliance sales

Sony Hack Fallout Highlights Value Of IT Security Spending, Analyst Says (TheStreet) The hacking of Sony's (SNE) Sony Pictures unit shows that spending more on IT security is worthwhile for companies, Wells Fargo analyst Gray Powell wrote in a note to investors today

Venture capitalist Ted Schlein anoints the next hot cybersecurity startups (Christian Science Monitor: Passcode) Schlein talks about his latest investments, some of the myths about cybersecurity, and what it will take for the new crop of security startups to keep up with sophisticated hackers

BlackBerry Completes Acquisition of German Anti-Eavesdropping Firm (SecurityWeek) Smartphone maker BlackBerry Limited announced on Friday that it has completed its acquisition of Secusmart GmbH, a provider of high-security voice and data encryption and anti-eavesdropping solutions

Symantec: A Long-Term Investment Opportunity In An Attractive Tech Stock (Seeking Alpha) Symantec is the second top-ranked stock in my portfolio. Symantec will continue to benefit from the increasing demand for anti-hacking tools and from its new partnership with HP to develop a new Disaster Recovery as-a-Service solution. Symantec is generating strong cash flows and returns value to its shareholders by stock buybacks and dividend payments

Startup Profile: Seculert Prioritizes Response Over Prevention (InformationWeek) The cloud security newcomer Seculert aims to identify and validate data breaches to enable faster response and remediation

Verint Receives 2014 Asia Pacific Market Share Leadership Award from Frost & Sullivan for Seventh Consecutive Year (CSO) Verint® Systems Inc. (NASDAQ: VRNT) today announced that it has received the "2014 Asia Pacific Market Share Leadership Award" from Frost & Sullivan. This marks the seventh consecutive year that Verint has received this distinction in the Call Monitoring Systems category from the global analyst and consultancy firm, underscoring its innovation, growth, strong partner ecosystem, and ability to help customers achieve their business goals through the use of proven quality monitoring and customer engagement optimisation solutions

Tenable Network Security Earns GSN Homeland Security Award for Best Continuous Monitoring Solution (Herald Online) Tenable Network Security®, Inc., the leader in continuous network monitoring, today announced it has been named a winner of the GSN 2014 Homeland Security Awards in the Best Continuous Monitoring Solution category

Gartner's Magic Quadrant positions Gemalto as a leader in user authentication (Globe Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has again been positioned as a Leader in Gartner's December 1, 2014 Magic Quadrant for User Authentication, out of the 18 vendors assessed by Gartner. The vendors surveyed in the Magic Quadrant are evaluated based on two main criteria: completeness of vision and ability to execute

FortyCloud Wins UP-START 2014 Cloud Award for Best Cloud Security Solution (Virtual Strategy Magazine) FortyCloud today announced that it has been selected as the winner for Best Cloud Security Solution at the 2014 UP-START Cloud Awards

Hexis Appoints EMEA Executives to Oversee HawkEye and NetBeat Product Lines; Strategic New Hires Help Define Sales Approach and Foster Growth (Nasdaq) Expanded European and Middle East presence marked by onboarding a dozen new associates and strong momentum signing VAR partners

Products, Services, and Solutions

The App That Makes It Incredibly Easy For Hackers To Break Into Your iPhone Just Got Even Scarier (Business Insider) Elcomsoft Phone Breaker, the app that some think hackers used to break into Kate Upton's iCloud account in September, just got a massive update that makes it even easier to steal information

OpenDNS Partners With Three Security Vendors To Mount Unified Defense Against Cybercriminals (CRN) Hackers and cybercriminals share intelligence, so why shouldn't security solutions?

Security app warns of threats, leads users to safety (PoliceOne) Experience police and military veterans alert civilians of nearby threats and guide them to safety

Pulse Secure Simplifies Secure Device Onboarding and Compliance for BYOD (Business Wire) Pulse Secure, a leading provider of access and mobile security solutions to the enterprise and service providers, today released new functionality for its Connect Secure and Policy Secure solutions that simplify the deployment of secure network access services and address key challenges of BYOD. The new solutions offer automated onboarding of PCs and mobile devices, streamlined remote connectivity and expanded compliance enforcement

Technologies, Techniques, and Standards

WatchGuard Technologies Urges Action, Not Panic for IT Professionals in Face of Sony Attack (Virtual Strategy Magazine) WatchGuard's Global Director of Security Strategy predicted a "Hollywood"-worthy infrastructure attack a year ago today

Decrypt This: OS Security Showdown (Digital Trends) 2014 has been a tumultuous year for personal security. Through the continuing revelations of NSA leaks, North Koreans shutting down Sony, and the big bad bug that made everyone's Heart Bleed, the past twelve months have shown that the hairiest of hacks are almost always in the last place you'd think to look

Hacking And The Honeypot Trap (Design & Trend) Earlier this year, the U.S. Postal Service was hacked

Cloud VPN Security Recommendations (Infosec Institute) A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public network (like the Internet) as if the nodes were located in the same private network. Since the communication is transferred across the public network, it must be properly encrypted to prevent eavesdropping. When a user is connected to the VPN connection, he/she can access the extended network services the same way as if they were located with its private network

Smart grid security certification in Europe (Help Net Security) ENISA issues a report on smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries

Buck Rogers Leads BOE's Hackersin 21st Century Cyberwar (Bloomberg) Buck Rogers is the man behind the Bank of England's latest cyber security campaign. Unlike the comic book hero, he doesn't battle radioactive mutants or aliens. His foes are the 21st century humans who use computers as weapons

Endpoint security fundamentals: The business case for antimalware protection (TechTarget) Expert Ed Tittel explains why all organizations, no matter their size, need to protect endpoints with antimalware products

Cybercriminals won't take a vacation this holiday season (Help Net Security) The holiday period is a time to celebrate with family and loved ones. Unfortunately, cybercriminals will use the season to take advantage of businesses as IT staff and end users relax their guard heading into the end of year. With that in mind, GFI Software is reminding both organizations and consumers to stay vigilant this year and is providing helpful tips on how to increase online safety and spot attempts at holiday cybercrime

Design and Innovation

Bitcoin-based messaging could slip past censors (Naked Security) A computer science student in the Netherlands has built a way to weave messaging into the underpinnings of Bitcoin that's both cheap and resistant to censorship

Legislation, Policy, and Regulation

EU to demand 2-factor for online payments by August 2015? (Naked Security) The European Banking Authority (EBA), the EU body tasked with supervising and regulating the banking sector, has issued a new set of guidelines on the security of internet payments

Positive steps on the road towards harmonization of global cybersecurity risk management frameworks (Microsoft Cyber Trust Blog) Around the world, governments are pursuing initiatives to protect their cyberspace, developing national cybersecurity strategies, considering information sharing incentives, and assessing baseline security protections. Two important initiatives with the potential to be impactful far beyond national borders have been unveiled in the European Union (EU) and the United States over the past two years. First, the U.S. government encouraged businesses to adhere to a set of technical and organizational recommendations in its voluntary Cybersecurity Framework. Now, the EU is discussing the Network and Information Security (NIS) Directive, legislation that envisions mandatory cybersecurity requirements, the scope and detail of which will be critical to its effectiveness

Morocco, a strategic partner in anti-terror cooperation with Sahel-Sahara Countries, EU (North Africa Post) The European Union recognized the strategic role played by Morocco in anti-terror struggle as indispensable and called for enhanced cooperation between the North African nation and the countries of the Sahel-Sahara region in order to fight more effectively terrorist networks

Chertoff: We Need a Clear Doctrine of Deterrence to Cyber Attacks (TIME) And just as we did not abandon our aviation system after 9/11, we should defy demands that we curtail our free speech

Obama could stifle North Korea's shakedown of Sony (Washington Times) The American people now have a censor — North Korean dictator Kim Jong Un, and they can thank President Obama's failure to defend their rights to free speech and privacy

White House Issues Impotent Response to Cyber Attack (Breitbart) The White House, in its usual impotent way, responded to the cyber attack on Sony Studios with a barrage of verbiage. White House spokesman Josh Earnest intoned that the attacks were executed by a "sophisticated actor with malicious intent… We believe that this destructive activity merits an appropriate response. There are a range of options that are under consideration right now. The president considers this to be a serious national security matter"

Lawmakers laud 'historic' cyber laws (The Hill) The cyber bills signed into law Thursday by President Obama are "a historic step in bolstering our national security," said Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.)

Congressional Passage of Cybersecurity Bill Is a Triumph for Automation, Groups Say (Power) The Cybersecurity Enhancement Act of 2014 that cleared Congress last week and was presented to President Obama on Monday has the backing of automation organizations

CISA Supporters Use Sony Pictures Security Breach To Push Bill (GamePolitics) We knew it wouldn't be long before some politicians and bureaucrats took the opportunity to use Sony Pictures' recent security breach as a way to push questionable cybersecurity legislation. The White House declared the Sony security breach a "national security issue" yesterday and today the FBI claimed that North Korea was directly involved in the hack

Egypt relieves spy chief for 'health reasons' (World Bulletin) Al-Sisi has appointed Gen. Khaled Fawzi, head of the National Security Agency, as the acting intelligence chief

Litigation, Investigation, and Law Enforcement

Is there a cyber security equivalent of 'SEAL Team Six'? (Fortune) When a cyber breach goes down…who you gonna call? Many different U.S. government agencies, it turns out

EFF: Feds can't get around Fourth Amendment via automated data capture (Ars Technica) At hearing for years-old digital snooping case, EFF and DOJ lawyers face off

Fake money forum founder charged with counterfeiting (Naked Security) A US national based in Uganda has been charged with running a major global counterfeiting operation, which used an online forum to connect buyers and sellers of forged currency

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, Jan 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, Jan 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by 2017. The Western Europe region alone is estimated to contribute $28.1 billion to this industry, driven by changing threats and technologies. These briefings aim to provide the latest information on Cyber Security & IT markets in Europe

FloCon 2015 (Portland, Oregon, USA, Jan 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, Jan 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency

ShmooCon (Washington, DC, USA, Jan 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

FIC 2015 (Lille, France, Jan 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, Jan 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, Jan 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

AppSec California (Santa Monica, California, USA, Jan 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, Jan 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference

Starting a New Year: Financial Incentives for Cybersecurity Businesses (Columbia, Maryland, USA, Jan 27, 2015) Learn the details from the experts! How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credits. Panelists include: Andrew Bareham, Principal, KatzAbosch; Elaine McCubbin, Tax Specialist DBED Maryland; Beth Woodring, Catalyst Fund Manager, HCEDA. The distinquished panel will by moderated by Lawerence F. Twele, CEO, Howard County Economic Development Authority

Cyber Security for Critical Assets: Chemical, Energy, Oil, and Gas Industries (Houston, Texas, USA, Jan 27 - 28, 2015) Cyber Security for Critical Assets Summit will connect Corporate Security professionals with Process Control professionals and serve to provide a unique networking platform bringing together top executives from USA and beyond. They are coming together not only to address the continuing cyber threats and set precautions framework, but most importantly to provide necessary tools, insights and methodological steps in constructing a successful secure policy. These policies will after all protect the critical assets needed to safeguard their company assets

Data Privacy Day San Diego — The Future of IoT and Privacy (San Diego, California, USA, Jan 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues facing consumers and business, including in-depth panel discussions on privacy, the Internet of Things (IoT), and many other critical topics

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.