Cyber Attacks, Threats, and Vulnerabilities
NYSE floor trading halted; no sign of cyberattack (CNBC) Trading in all symbols was halted on the New York Stock Exchange floor Wednesday due to an apparent technical issue. The NYSE tweeted that there was no sign of a cyberattack
Website of Ministry for Euro-Atlantic Integration of Georgia, NATO Hacked by ISIS Hackers (HackRead) The ISIS hackers just hacked a high-profile website funded by the European Union
What ISIS Learned From the Cartels (Daily Beast) Social media. Beheadings. Dogma. Empty promises. ISIS is copying the Mexican cartel playbook to a T
Pizza Hut Israel Website Hacked with a Warning for Indian Government (HackRead) You've seen us posting news about pro-Palestinian hackers targeting Israeli sites or vice versa, but did you ever think of Bangladeshi hackers targeting an Israeli website to post a message against India? Well, it happened today
Flash malware that gives you a free security update (Naked Security) After a quiet period where you might have thought that cybercrooks had given up on Flash, Adobe's browser plugin is back in the news
Hacking Team Flash Zero Day Weaponized in Exploit Kits (Threatpost) Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team
Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals (Forbes) In recent years, crypto luminary Bruce Schneier has noted that today's surveillance tools are tomorrow's cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days — unpatched and previously-unknown software vulnerabilities — is being exploited by crooks
Turn FLASH OFF NOW until the patch comes: Hacking Team exploit is in the wild (Register) It's out there and you're wide open to it until tomorrow
Hacking Team, the Surveillance Tech Firm, Gets Hacked (Wall Street Journal) A company that sells software allowing governments to hack into computers has itself been hacked, and files posted late Sunday indicate it sold surveillance technology to dozens of countries, including Sudan, Egypt, Russia and the U.S
Mexico Is Hacking Team's Biggest Paying Client — By Far (Vice) Mexico is by far the biggest paying client of Hacking Team, the Italian cyber-surveillance firm now at the center of a massive hack of its internal data, documents show
Hacking Team scrambling to limit damage brought on by explosive data leak (Help Net Security) Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies?
Behind the curtain of the Hacking Team hack (CSO) The world watched on as Hacking Team was publicly stripped and flogged — virtually at least — over the last couple days. My colleague Steve Ragan covered the unfolding events in exquisite detail and today the dust continues to settle as we sift through the 400GB of leaked data and find the salacious, juicy tidbits
Meet the hackers who break into Microsoft and Apple to steal insider info (Ars Technica) Almost 50 companies have been hacked by a shadowy group
Flaw allows hijacking of professional surveillance AirLive cameras (Help Net Security) Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive's surveillance cameras designed for professional surveillance and security applications. He was able to invoke some CGIs without authentication, while backdoor accounts allowed him to execute arbitrary OS commands on the device
Android malware masquerades as Nintendo game emulator (IDG via CSO) A new family of Android malware adds insult to injury by making users pay for the data-stealing application
Gunpoder Android Malware Hides Malicious Behaviors in Adware (Threatpost) A stream of new Android malware infections is sounding a harsh tone on two fronts: hackers are making free and open source applications their own; and legacy security software needs to step up detection of adware behaving maliciously
6 Emerging Android Threats (Dark Reading) A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month
Whoa! Nearly 5,000 new Android malware samples discovered each day in Q1 2015 (Graham Cluley) A security firm has revealed that nearly 5,000 unique Android malware files were created each day during the first quarter of 2015
Profiling and Investigating Abnormally Malicious Chinese Autonomous Systems With WEBINT (Recorded Future) CHINANET AS 23650 in Jiangsu province is part of a highly modern TIER 4 network owned by China Telecom, claimed to be the world's largest. We compare CHINANET AS 23650 to other autonomous systems part of CHINANET as well as additional independent autonomous systems. By comparison, AS 23650 is abnormally malicious over time, with some co-occurring activities in adjacent CHINANET infrastructure. We identify the likely location of the problematic activity. We find indications that third-party hosters with less than great reputation, such as MangoNet, are selling capacity on CHINANET, and hence potentially polluting the CHINANET infrastructure
Hacker attacks gambling websites, demands Bitcoin ransom (Phys.org) A hacker shut down four New Jersey Internet gambling sites for half an hour last week and threatened more cyberattacks over the holiday weekend unless a ransom was paid using the online currency Bitcoin, authorities said Tuesday
Another system-wide computer glitch grounded United Airlines this morning (Quartz) Travelers with tickets for United Airlines flights were stopped cold at US airports this morning, due to a system-wide computer glitch. Starting around 7:30 am ET, passengers were unable to check in for their flights and all United planes not currently in the air were grounded. The Federal Aviation Administration said the cause was "automation issues"
Security Patches, Mitigations, and Software Updates
Warning over Adobe Flash vulnerability revealed by Hacking Team leak (Guardian) Tech company promises patch within a day for major new flaw uncovered by leak of 400GB of documents from hacking firm
Adobe to Patch Hacking Team's Flash Zero-Day (KrebsOnSecurity) Adobe Systems Inc. says it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks
CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating (ISC Knowledge Base) An attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause that resolver to fail an assertion and terminate due to a defect in validation code
Cyber Trends
All Information Security Is Cyber Security. All Information Security Must Change. (SecurityWeek) Cyber security is a nation-first, vendor-second issue. Recent events have frighteningly underscored the requirement to fundamentally rethink our approach to information security lest our economy, our very way of life suffer drastically
GAO: Financial Orgs Need Better Security Analytics and Threat Intelligence (Dark Matters) A new report from the U.S. Government Accountability Office (GAO), which sought to determine the efficacy of security audits for banks, thrifts, and credit unions, found that gaining access to actionable threat intelligence is "challenging" for financial institutions
Marketplace
The Role of the Board In Cybersecurity: 'Learn, Ensure, Inspect' (Dark Reading) Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk
Symantec reportedly close to selling Veritas to Carlyle for $7B-$8B; SYMC +2.7% (Seeking Alpha) Bloomberg reports Symantec (NASDAQ:SYMC) is "nearing a deal" to sell its Veritas storage software unit (currently set to be spun off) to P-E firm Carlyle (NASDAQ:CG) for $7B-$8B. For reference, Symantec closed today with a $15.4B market cap
Dashlane bullish about the future despite LastPass hack (ComputerWeekly) Password management firm Dashlane is confident its business model will evolve and continue to be relevant even if passwords eventually disappear
Hacking Team Plans to Continue Operations (Threatpost) It has been an absolutely brutal week for Hacking Team. All of the company's documents, internal communications, emails with customers, and invoices have been published, including its dealings with oppressive regimes and customers in sanctioned countries. But even with all that, company officials said they have no plans to cease operations, even as they're asking customers to stop using their surveillance products for the time being
Days after Hacking Team breach, nobody fired, no customers lost (Ars Technica) Eric Rabe: "The company is certainly in operation, we have a lot of work to do"
Microsoft announces 7,800 layoffs and will write down $7.6 billion from Nokia (Quartz) Microsoft announced today it would cut up to 7,800 positions, primarily from its Nokia mobile phone business, and will write down $7.6 billion related to its purchase of Nokia. Microsoft's 2013 acquisition of Nokia — one of former CEO Steve Ballmer's last big plays — increasingly looks like a mistake
Products, Services, and Solutions
Comparing the top security analytics tools in the industry (TechTarget) Expert Dan Sullivan examines the top security analytics products to help readers determine which may be best for their organization
Technologies, Techniques, and Standards
IEEE group recommends random MAC addresses for Wi-Fi security (CSO) The Wi-Fi protocol needs to be updated to use randomly generated MAC addresses for better security and privacy
SEBI Issues Risk Framework Guidelines (BankInfoSecurity) Experts: take a holistic approach to risk assessment
6 Encryption and Cryptography Pitfalls to Avoid (Information Management) When it comes to data security, many pundits point to cryptography and encryption as cure-alls that can safeguard structured and unstructured data
8 penetration testing tools that will do the job (CSO) If the probability of your assets being prodded by attackers foreign and domestic doesn't scare the bejesus out of you, don't read this article. If you're operating in the same realm of reality as the rest of us, here's your shot at redemption via some solid preventive pen testing advice from a genuine pro
Web monitoring software helps keep employees honest (TechTarget) Web monitoring software can block use of Facebook and HBO at work, but also raises privacy concerns
Social media etiquette for Jim Carrey (and everyone else) (Naked Security) Actor Jim Carrey has apologized for tweeting the photo of a child with autism and tuberous sclerosis without asking for permission from the boy's parents
Design and Innovation
Twitter's New AI Recognizes Porn So You Don't Have To (Wired) Clément Farabet deals in artificial intelligence. As a research scientist at New York University, he built brain-like computing systems that identified objects in photos and videos, and then he launched a startup where he did much the same thing. He and his co-founder called it Madbits, and 18 months later, Twitter snapped it up
Academia
Illinois' Elite Cybersecurity Talent to Participate in U.S. Cyber Challenge Camp & Competition at Moraine Valley Community College (US Cyber Challenge) USCC endeavors to close the cybersecurity workforce gap
Legislation, Policy, and Regulation
DigiLocker Storage Service Launched (BankInfoSecurity) First new offering under Digital India Initiative
Home Office kept schtum on more than 30 data breaches last year (Register) More non-reported incidents; fewer actual reported incidents. Trebles all round!
Oz Defence Dept 'not punitive' with crypto export controls (Register) David Hook of Bouncy Castle fame, says consultations are hosing down fears
CSAIL report: Giving government special access to data poses major security risks (MIT News) Whether "backdoor" or "front-door," government access imperils your data, report authors say
Law enforcement backdoors open corporate networks to criminals (Network World via CSO) Legal access to secure communications will result in more risk for corporate secrets
FBI Director Comey's false dilemma: "ban encryption or accept terrorism" (Conversation) James Comey, Director of the FBI, is the latest to add his voice to the call for a ban on the use of strong encryption. In a blog post, Comey outlines the potential costs to public safety that come with security services not being able to intercept communications. In particular, he uses the threat of ISIL (ISIS) recruiting "troubled" US citizens and convincing them, over encrypted messaging apps, to "kill people"
Even Einstein Couldn't Fix Cybersecurity (GovTech) The Einstein and Continuous Diagnostics and Mitigation cybersecurity programs have been hailed as the cornerstone of repelling cyberthreats in real-time — but it turns out this is not actually the case
Hillary Clinton: Cyber Legislation in Congress Is 'Not Enough' to Stop Foreign Hackers (National Journal) "It's not only the Chinese. We know that other governments — Russia, North Korea, Iran — have either directly or indirectly sponsored hacking"
CHIME calls for dropping federal prohibition against unique patient identifiers (FierceGovHealthIT) The College of Healthcare Information Management Executives, or CHIME, has made recommendations to Congress that the industry group says can improve health information exchange, electronic health records and other health IT technical challenges
Archives clears up FOIA website confusion (FierceGovernment) With the launch of the openFOIA website last month, the National Archives and Records Administration has laid out what information requesters and Freedom of Information Act office workers can get from the three main FOIA-related federal websites
Litigation, Investigation, and Law Enforcement
Dutch MEP whacks Hacking Team over embargo-busting (Register) We need to talk about Sudan and human rights
NSA actually snooped on criminals (FierceITSecurity) I know what you are thinking. Not another leak by Edward Snowden about how the National Security Agency is violating the privacy rights of individuals and world leaders. Well, guess what. The NSA actually used its all-pervasive surveillance technology to target criminals launching distributed denial-of-service attacks and exchanging data on criminal activities in hacker forums
Former attorney general calls Snowden deal possible (IDG via CSO) The "possibility exists" for the U.S. Department of Justice to cut a deal that would allow surveillance leaker Edward Snowden to return to the U.S., a former attorney general said in a media interview
No jail for Lizard Squad member guilty of 50,700 cybercrime charges (Naked Security) A 17-year-old member of notorious hacking gang Lizard Squad has escaped jail time, despite being convicted of 50,700 computer crime charges
Tax fraudster who hacked accounting firms pleads guilty in US court (Naked Security) A Bulgarian hacker admitted on Monday his involvement in a $6 million tax fraud scheme using personally identifiable information stolen from the networks of several accounting firms
Judge overturns conviction of Goldman Sachs programmer for stealing code (Naked Security) In a case that illustrates just how sticky it can be to prosecute insider crime, the US Supreme Court on Monday dismissed the second criminal conviction of a former Goldman Sachs programmer who copied 32MB of what he claimed was open-source code
14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil) (Geek Slop) Before discoursing the lengthy analysis of the Dark Web honeypots (there were three), let's answer the question that is surely on everyone's mind — did the honeypot allow me to reveal the true identity of the person visiting the Tor site? In many cases enough evidence was gathered to provide a pretty good guess or at least a good launching point for identification of the person that visited the site. Surprisingly, in some cases, the identity of the person was undeniably revealed and included the person's name, unique personal computer footprint, and true external IP address (see partial data example above). And to answer the second question, "no", this did not require the placement of malicious malware