Cyber Attacks, Threats, and Vulnerabilities
Suspected state hacking campaign used commercial software (Reuters via the Chicago Tribune) A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said
Iran could be behind state hacking campaign, Israeli cyber firm says (Y Net News) Recent cyber attacks on Israel, EU military targets perpetrated by state that misused US-made security software to lead attacks; 'they don't have their own capabilities,' expert says
Attackers Leverage IT Tools As Cover (Dark Reading) The line between attack and defense tools has blurred
North Korea's internet shut down again, China and cyber experts say (News.com) NORTH Korea has suffered an internet shutdown, Chinese state media and cyber experts say, after Pyongyang blamed Washington for an online blackout earlier this week
Who's Behind The Internet Outages In North Korea, Anyway? (TechCrunch) North Korea blamed the U.S. and called President Obama a "monkey" today when the country's Internet and mobile network went down for the third time this week. However, it's still not clear who's behind the Internet outages
N Korean Websites Unstable in Cyber-Standoff With the US (Sputnik News) North Korea has been deprived of Internet access during the last four days, with its major websites down or unstable as a possible US retaliation for the infamous Sony hack
DPRK rebuffs US accusation of cyber attack on Sony movie (China Daily) The Democratic People's Republic of Korea (DPRK) on Saturday rebuffed the US accusation that Pyongyang was involved in a cyber attack on a Sony movie
MICROSOFT: Here's Why We Decided To Release 'The Interview' (Business Insider) Microsoft and Sony announced on Wednesday that "The Interview" will be available via Microsoft's Xbox Video platform
Google, Microsoft Invoke Free Speech in Statements About Streaming The Interview (Mediaite) The Interview is available to stream today on YouTube, Google Play, and Xbox, and both Google and Microsoft put out statements on their company blogs declaring this to be a victory for free speech and free expression
You won't get hacked by streaming 'The Interview' online (CNN Money) If you think hackers will hurt you for streaming "The Interview" on your computer, relax
Sony Hack Highlights The Global Underground Market For Malware (NPR) There are global underground markets where anyone can buy and sell all the malicious code for an attack like the one North Korea is accused of unleashing on Sony Pictures
What caused the Afghan government cyber-attack? (Khaama Press) While the motive of the recent cyber-attack on Afghan government websites is still not known, the incident has certainly put the Ministry of Communications and Information Technology (MCIT) on the spot and the administration and management of the IT programs and projects are under scrutiny
PlayStation Network back online after cyber attack (Arabian Business) Sony's PlayStation Network is back online one day after Microsoft's Xbox was also restored. A hacker group called Lizard Squad has claimed responsibility for the cyber attack
Lizard Squad wipes out gaming networks at Christmas time (Inquirer) Notorious hack group the Lizard Squad has continued its long campaign of gaming related mayhem by standing in front of Christmas consoles and not letting a lot of people play their brand new machines and games
Cowards Attack Sony PlayStation, Microsoft xBox Networks (KrebsOnSecurity) A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Live games this holiday season
Who's in the Lizard Squad? (KrebsOnSecurity) The core members of a group calling itself "Lizard Squad" — which took responsibility for attacking Sony's Playstation and Microsoft's Xbox networks and knocking them offline for Christmas Day — want very much to be recognized for their actions. So, here's a closer look at two young men who appear to be anxious to let the world know they are closely connected to the attacks
Xbox 'Hacker' Reveals Why He Attacked Consoles (Sky News) A hacker tells Sky News the Christmas Day cyber attack on Xbox and PlayStation services was "amusing" and exposed poor security
Gamers upset over another cyber attack (KNOE 8 News) A possible hack may have hit Sony again; this time interfering with its Playstation network and also taking Microsoft's X-box Live down in the cyber attack
UPDATE: 13k PSN, Xbox leak by Anonymous is copy paste from previous leaks? (HackRead) Yesterday, a Twitter account associated with the online hacktivists Anonymous claimed to leak a list of what it said were usernames and passwords of 13,000 accounts from VPNCyberGhost, UbiSoft, VCC, Brazzers, UFC TV, PSN, Xbox Live Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart and (EA) Games
Lizard Squad hacking gang moves from PlayStation, Xbox Live to Tor (Register) Floods network with 3,000 relays, project devs shrug
Tor Responds To The Cyber Attack On Its Network, Allegedly Executed By The Same Hacker Gang That Took Down Xbox Live And PlayStation Network (Business Insider) The Tor Project on Saturday morning acknowledged a cyber attack on this network, and provided the following statement to Business Insider
Tor Users Were Not At Risk During Attack (Ubergizmo) Lizard Squad, a hacker group, has been pretty busy over Christmas. First it knocked down PlayStation Network and Xbox Live, bringing online gaming on PlayStation and Xbox consoles to a standstill, and then set its sights on an anonymity network called Tor. Lizard Squad shifted its focus over the weekend, saying that it would "no longer attack" gaming services, and instead go after Tor with a zero-day exploit. Simply put, a zero-day exploit is one that leverages an unknown vulnerability
TorrentLocker ransomware campaign hit Spain and Italy (Security Affairs) Experts at S21sec firm recently detected a new ransomware campaign based on TorrentLocker that infected users prevalently in Italy and Spain
"Rocket Kitten": Is it still APT if you can buy it off the shelf? (Internet Storm Center) Gadi Evron and Tillmann Werner presented an interesting case at 31C3 Conference in Hamburg yesterday, that shows how commercial software can be used to launch APT style attacks. In this case, several similar attacks were discovered against targets in Israel and Western Europe. In all cases, the attack started with a simple Excel spreadsheet which was sent as an attachment [1]. The email itself was brief and unremarkable, but used fake and plausible "From" headers
Evolution of Banking Malwares, Part 2 (InfoSec Institute) This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not easily available
The 5 Most Dangerous Software Bugs of 2014 (Wired) Dealing with the discovery of new software flaws, even those that leave users open to serious security exploits, has long been a part of everyday life online. But few years have seen quite so many bugs, or ones quite so massive. Throughout 2014, one Mothra-sized megabug after another sent systems administrators and users scrambling to remediate security crises that affected millions of machines
Top Data Breaches of 2014 (Security) 2014 was a very busy year for hackers. For those keeping a tally of data breaches, the year offered no respite
Honey Pot Entertainment — SSH (Internet Storm Center) The Christmas period is a nice time to play with some honeypots and share some of the info they have been collecting. Currently I only have two functioning, both of them are located in the US. Each receives 20K or more login attempts per day. I'm using a standard kippo installation, running as a non root user and using authbind to run the honeypot on port 22. Results are sent to a logging server for collection
Yes, I got an iTunes gift card for Christmas — but HOW DID THE CROOKS KNOW THAT? (Naked Security) You are being doubly cautious for phishing campaigns over the holiday season, aren't you?
Hacker Generates Fingerprint of German Defense Minister from Public Photos (Softpedia) Recreating a fingerprint can be done without having access to an object touched by the targeted individual
Beware! Hackers are eyeing your car's safety features to extort money (Deccan Chronicle) Motoring experts have warned that hackers can exploit one's car by attacking the safety features to steal information, extort money or even control vehicles
TAB told who could be responsible for cyber attack (ONE News) The TAB says it is remaining vigilant after falling victim to a cyber attack - and that it has told the police who could be behind it. The betting agency's website crashed on Boxing Day after it became the target of a "concentrated cyber attack" that has caused problems since
Cyber attack takes down City of Columbia website (ABC 17) Columbia Deputy City Manager says a hacker group took responsibility for the attack on GoColumbiaMo.com
Bulletin (SB14-363) Vulnerability Summary for the Week of December 22, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Cyber Trends
Chief Security Leaders Fear They Are 'Outgunned,' Survey Reveals (Tech Times) Sony Pictures CEO Michael Lynton says he was advised that 90 percent of American businesses would have fallen victim to the cyberattack that has left his company doubled over
If It Can Happen To Sony, It Can Happen To You (Business World) Sony is only the most recent case of a major co with dedicated security teams, facing hacking. Bottom line, nobody is immune to emerging threats, says Andrew Del Matto, CFO, Fortinet, Inc
Hacks are security wake-up call (Boston Herald) Experts: Cos. need to tighten network controls
Cybersecurity Hindsight And A Look Ahead At 2015 (TechCrunch) This year we witnessed a series of high-profile security breaches, from the aftermath of the Target and Home Depot fiascos, to a number of attacks on other national retailers, including Michaels, Goodwill and Neiman Marcus. Then there was the massive breach at JP Morgan Chase, which compromised personal information of more than 83 million households and businesses, and finally over 100 terabytes of internal files and films recently stolen from Sony
Cyber landscape of 2015 (Star Online) From targeted attacks to ransomware, security firm Symantec Malaysia predicts another challenging year in cyber security
Security in 2015: Will you care about the next big breach? (CNET) From Target to Home Depot to JPMorgan, this year was a bad one for massive security breaches. Expect more of the same next year
From ransomware to cyberwar, 2015 will be a perilous year for Internet security (South China Morning Post) Will 2015 be a happy new year for internet users? Not if cyber-criminals have their way
Hacking Is Officially the Internet's Latest Craze (RYOT) Future generations might remember 2014 as the year hacking went viral. The Sony hack may have been the first to make international headlines and capture the attention of the general public, but the aftermath from that incident has just barely subsided and already several other major hacks or threats have surfaced
Cloud security and compliance trends in 2015, according to Vormetric's C.J. Radford (TechRepublic) C.J. Radford predicts the usage of cloud applications will accelerate in 2015, says data-at-rest protection is imperative for enterprise cloud deployment, and more in this Q&A
Spyware abuse — partner tracking reaching "epidemic proportions" (We Live Security) The use of spyware software — used to track partner's movements, texts and even listen in on calls in realtime — has seen a dramatic rise over the past few years, according to an exclusive report by British newspaper The Independent
Marketplace
Think Ukraine couldn't possibly have a thriving tech sector? Think again (The Next Web) Ukraine has had its fair share of troubles this year, with political turmoil in the east of the country making headlines around the world. However, that doesn't seem to have harmed the country's tech sector
Industrial Control System Security Market to Top $8 Billion by 2019 (SecurityWeek) According to a new market research report from MarketsandMarkets, the global Industrial Control System (ICS) Security Market is estimated to reach $8.73 billion in 2019
Why It's Time For A Board-Level Cybersecurity Committee (Forbes) Just the past 12 months have seen one massive corporate security breach after another. Major retailers (Target, Home Depot, Neiman Marcus, Sony Pictures), e-commerce sites (eBay), and financial institutions (JP Morgan) have all been victims
Time to crack the state's shortage of cybersecurity talent (Milwaukee Journal Sentinel) In the (first) Cold War, Americans worried about nuclear attack and a retaliatory Armageddon that would have reduced the world to a smoldering wreck
Cyber Security May Be A Good Sector To Invest In For 2015 (Seeking Alpha) Cyber Security stocks should continue to perform very well in 2015. Recent breaches in the security of some major corporations show the need for more vigilance. Three companies that are and will continue to perform well in the cyber security industry
Meet 4 hot security stocks as hacking attacks make headlines (Investor's Business Daily) With major hacking attacks on Sony (NYSE:SNE) and other corporations top of mind lately, it's little wonder that security software stocks are doing well
Is this the Right Time to Buy Check Point Software Stock? — Analyst Blog (Zacks via Nasdaq) Shares of Check Point Software Technologies Ltd. (CHKP) hit a new 52-week high of $80.82 on Dec 24, eventually closing at $80.44. The closing share price represents a one-year return of 26.4% and a year-to-date return of 24.7%. The average trading volume for the last three months aggregated 1,353K shares
Raytheon's Cheap Shares Have More Firepower (Seeking Alpha) Defense sector stocks are trending higher. This industry is poised for continued growth, especially with increasing global demand for cyber security and drones. Raytheon appears undervalued and could be poised for additional gains, therefore investors should consider buying, especially on pullbacks.
Banking, ePassports driving biometrics expansion says Gemalto (Biometric Update) According to analysis from Gemalto, an international digital security company, banking and border security will continue to drive the expansion of biometrics
Technologies, Techniques, and Standards
Sony breach fuels email security fears at other companies (Los Angeles Times) You're welcome to dance like there's nobody watching. But you'd better write emails like your email provider is going to be hacked
Building a Better Security Budget (eSecurity Planet) The key to smart security spending is assessing your current environment and looking for opportunities for centralization, consolidation and standardization
New Data, Same Old Dumb Bosses: 3 Lessons (InformationWeek) Corporate overlords finally take an interest in data. Too bad they don't understand it and will be tricked by crafty short-timers
What Social Enterprises Should Know About Cyber Security (Forbes) 2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, chief research officer of SecurityScorecard, a New York-based firm that analyzes clients' security vulnerabilities
Design and Innovation
Why passwords won't die next year (or the years after that) (ZDNet) Innovation will confine passwords within a broader equation around authentication type plus value of resource
Good Riddance to Social Search (TechCrunch) Remember how not too long ago the future of search — at least according to the big search engines — was social search? Today, you'd be hard-pressed to find any mention of social search on Google or Bing (let alone Yahoo Search). Let's be thankful for that because social search was an ill-begotten idea to begin with
Research and Development
Researchers to give internet security layer (Nation) It could give every internet user access to simple encryption — and make the internet a far more secure place. Scientists at Scentrics, working with University College London, say they have created an algorithm that can guarantee total privacy for everything from emails and text messages. Called 'the construct', they hope the system could be used to give everything from desktop machines to mobile phones simple to use encryption
Legislation, Policy, and Regulation
"The Cyber & IT Revolution is an Opportunity" (Israel Defense) The Minister of Public Security in an exclusive interview about the lessons derived from Operation Protective Edge regarding the home front, about the arguments with IMOD and about fighting terrorism and crime
Access to Gmail Is Blocked in China After Months of Disruption (New York Times) The Chinese government appears to have blocked the ability of people in China to gain access to Google's email service through third-party email clients, which many Chinese and foreigners had been relying on to use their Gmail accounts after an earlier blocking effort by officials, according to Internet analysts and users in China
China a Likely Factor in North Korea Cyber Prowess: Experts (AFP via SecurityWeek) North Korea may be facing explosive hacking accusations, but analysts are questioning how an isolated, impoverished country with limited Internet access could wage cyber sabotage — and many experts believe China plays a role
Lindsey Graham: China Had to Know About North Korean Cyber Attack (Newsmax) Sen. Lindsey Graham said Sunday that he can't imagine North Korean hackers hit Sony Pictures' computers without China knowing at least something about it
Sony to blame for cyber security failures (Global Times) While the hacking of Sony has become front-page news across the world, its true import may be in demonstrating the need for effective cyber security regulations to force businesses to treat their online security needs seriously. The success of this hack was as much due to Sony's lack of effective Internet security as it was due to any skill on the part of its attackers. It is becoming increasingly plain that Sony knew of the flaws in its online security for some time before the latest attack and yet failed to rectify them in order to protect both the business and its employees from the attack
In Battle to Defang ISIS, U.S. Targets Its Psychology (New York Times) Maj. Gen. Michael K. Nagata, commander of American Special Operations forces in the Middle East, sought help this summer in solving an urgent problem
U.S. cannot afford to be behind in cyber security (San Diego Union Tribune) The North Korean hack attack on Sony Pictures, which The New York Times described as possibly one of the most destructive cyber attacks on American soil, highlights growing concerns about American vulnerability to cyber warfare
Stopping the Next Cyberassault (Wall Street Journal) Congress needs to expand private-sector access to classified intelligence about threats
Keating Says Law Will Boost Intelligence-Sharing (CBSBoston) A Massachusetts congressman says a new law proposed in the aftermath of the 2013 Boston Marathon bombing will help strengthen intelligence-sharing among federal, state and local law agencies
Litigation, Investigation, and Law Enforcement
DoJ's new cybersecurity office to aid in worldwide investigations (Federal News Radio) The Justice Department is taking its cyber crime-fighting efforts to a new level with the addition of a new cybersecurity unit. The unit will be operating under DoJ's Computer Crime and Intellectual Property section, and will serve to offer legal advice for cyber crime investigations worldwide
On Christmas Eve, NSA quietly releases 12 years worth of internal reports (Ars Technica) Less law-abusing, more human error — like sensitive info sent to the wrong printer
51% of UAE users faced financial cyber-attacks in 2014 (Emirates 24/7) One victim in five lost over $1,000 to online fraud: Kaspersky
Facebook to face lawsuit for 'reading' users' messages. (HackRead) U.S District Judge Phyllis Hamilton ruled that Facebook must "face the consequences" of violating its users' privacy by actually scanning the messages they have been sending to other users as a form of advertising
Judge: It's OK, Cops can trick you to be their friends on Instagram. (HackRead) A serial burglar named Daniel Gatson has a pretty interesting Instagram account, it is private so you need to request to follow him. Gatson posts pictures of cash and jewelry on his account as cops discovered after they created fake Instagram accounts and, following a request to the burglar, got access to his posts
Silk Road Money Laundering: Bitcoin Pioneer Charlie Shrem Jailed for 2 Years. (HackRead) The Silk Road marketplace was shut down back in 2013 because law enforcement agencies raided them with the accusation of buying and selling illegal drugs
Cyber swatting hits close to home (Burnett County Sentinel) The 911 call at 1:50 a.m. Thursday morning was about a boy in Grantsburg who shot his mom. An hour later, another 911 call described the same boy stabbing his dad