The CyberWire Daily Briefing 08.11.15

Cyber Attacks, Threats, and Vulnerabilities

China used 'Dancing Panda' cyber operation to spy on Obama administration (Telegraph) For the past five years, the personal email accounts of top American security and trade officials have been compromised in a Chinese cyber espionage operation

Chinese spies targeting personal emails of top Obama admin officials (Washington Times) The personal email accounts of several high-ranking White House officials have been directly targeted by Chinese cyberspies — and some are still actively under attack, according to U.S. intelligence reports

One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status (IBM Security Intelligence) Over 55 percent of Android phones are at risk of a high-severity serialization vulnerability that IBM's X-Force Application Security Research Team found in the Android platform. In a nutshell, advanced attackers could exploit this arbitrary code execution vulnerability to give a malicious app with no privileges the ability to become a "super app" and help the cybercriminals own the device. In addition to this Android serialization vulnerability, the team also found several vulnerable third-party Android software development kits (SDKs), which can help attackers own apps

Over 55% of all Androids at risk of high severity vulnerability ( Graham Cluley) We've only just got over the news of the Stagefright vulnerability, that allows attackers to infect Android devices with just a maliciously-crafted MMS message and the shocking (and welcome) news that Google and other leading manufacturers will be releasing regular security updates for millions of smartphones from now on

Android Certifi-Gate remote access security hole exploited (ZDNet) A security hole in several Android's remote support tools is being exploited in the wild

HTC phone stores fingerprints in easily accessible plaintext (Help Net Security) Pressing a finger on your mobile phone's fingerprint scanner has to be the easiest, most seamless way to unlock the device, and this is why more and more manufacturers equip their mobile products with it. In fact, it is predicted that by 2019, 50% of all shipped smartphone will have a fingerprint sensor

G Data zählt 4 Millionen Schädlinge — die Rekordmarke für Trojaner und Android Malware ist erreicht (Yelling News) Aufgrund der intelligent konzipierten Schädlinge werden Android Trojaner und Android Malware immer schwerer aufzuspüren. Die G Data verzeichnet 4 Millionen Einträge

Researchers Unveil Square Reader Mobile POS Hacks (Threatpost) It wasn't long ago when hacking a point-of-sale system meant deploying a RAM scraper at a retailer, sitting back and watching the credit card numbers roll in. Now that POS has gone mobile with vendors such as Square, Intuit, Revel and others using hardware fobs connected to smartphones and tablets to process credit card transactions, hackers are sure to follow the money trail there

"Darkhotel" Cyberespionage Group Boosts Attacks with Exploit Leaked from Hacking Team (PRNewswire) Following the public leak of files belonging to Hacking Team — the company known for selling "legal spyware" to some governments and law enforcement agencies — a number of cyberespionage groups have started using, for their own malicious purposes, the tools Hacking Team provided to its customers to carry out attacks. This includes several exploits targeting Adobe Flash Player and Windows OS. At least one of these has been recruited recently by the powerful cyberespionage actor, "Darkhotel"

Darkhotel's attacks in 2015 (SecureList) Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets' systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team

Do You Want To Build A Snowman? (Duo Security) In case you haven't already heard the news, Google and Adobe just killed a popular information leak technique in the most recent version of Flash (v18.0.0.209). Mozilla went so far as to block Flash entirely. This was hot on the tails of two previously unknown, unpatched (0day) vulnerabilities in Flash, which were publicly disclosed as part of the enormous reams of information stolen from Hacking Team

.COM.COM Used For Malicious Typo Squatting (Internet Storm Center) Today, our reader Jeff noted how domains ending in ".com.com" are being redirected to what looks like malicious content. Back in 2013, A blog by Whitehat Security pointed out that the famous "com.com" domain name was sold by CNET to known typo squatter dsparking.com [1]. Apparently, dsparking.com paid $1.5 million for this particular domain. Currently, the whois information uses privacy protect, and DNS for the domain is hosted by Amazon's cloud

HP ZDI Finds 100 Vulnerabilities in Adobe Reader (eSecurity Planet) HP details how an attacker could potentially abuse Adobe Reader's JavaScript APIs

DGA.Changer Gets Anti-Detection Upgrade (Dark Reading) New 'imitation game' feature helps botnet-for-rent fool security tools that use sandboxing

Asprox botnet, a long-running nuisance, disappears (IDG via CSO) The Asprox botnet, whose malware-spamming activities have been followed for years by security researchers, appears to be gone

UK job recruiters network hit by hacker, user info dumped online (Help Net Security) TEAM (The Employment Agents Movement), the largest network of independent recruiters in the UK, has been hit by a Saudi Arabian hacker that goes by the online handle JM511

Retailer Fred's found payment card malware on two servers (IDG via CSO) Retailer Fred's said Monday it found malware that collected payment card details on two of its servers, but it doesn't appear the data was removed from its systems

Anonymous Hacks Mexican Govt Website, Demand Justice For Rubén Espinosa (Hack Read) The online hacktivist Anonymous attacked the Mexican government website against the murder of Rubén Espinosa, a local photojournalist

Hidden Link Analysis Reveals 92% of Suspicious IPs Not Blacklisted (Recorded Future) Blacklists are a useful and common tool for enterprises actively looking to keep suspicious IP addresses and URLs off their network and away from their infrastructure. Traditional blacklists are populated with information from intelligence feeds, intrusion detection systems, honeypots, and log files. But we at Recorded Future posit that traditional blacklists can be bettered by incorporating threat intelligence from deep and dark Web sources

How this hacker can virtually 'kill' you, and what to do about it (Christian Science Monitor Passcode) At the DEF CON hacker conference, Kustodian CEO Chris Rock demonstrated how fraudsters could artificially 'kill' someone for a profit or prank due to vulnerabilities in most countries' death registration processes

Health Data Breaches From Theft, Improper Disposal (HealthITSecurity) As often discussed on this site, health data breaches can stem from numerous areas. Covered entities and their business associates need to ensure they have a comprehensive data security plan, and are able to implement the necessary physical, administrative, and technical safeguards. However, accidents still happen, which is what two facilities are currently experiencing

How Identity Theft Sticks You With Hospital Bills (Wall Street Journal) Thieves use stolen personal data to get treatment, drugs, medical equipment

Facebook users: Make sure your mobile phone number is private (Graham Cluley) If you've got a Facebook account, chances are that you have told them an awful lot of information about yourself: your name, your location, your email address, your network of friends, your photos, your likes and dislikes… the list goes on

Why was Carphone Warehouse keeping customer passwords in plain text, just months after it was hacked? (Computing) When Carphone Warehouse was hacked at the end of 2014, the company was keen to reassure customers. "As part of our ongoing approach to security, we constantly test our systems and processes using external security consultants," it told customers

Carl Woerndle's business was ruined by a random cyber attack [audio] (Australian Broadcasting Corporation) Carl spent 10 years building a profitable IT business, and it took only a fortnight to tear it down

No one is safe: This tiny $30 device can break into your car and home (BGR) Not everyone wants to accept this simple truth, but that doesn't make it any less real: hackers outpace security advancements. When it comes to both online security and real-world security, hackers have already devised 10 new tools by the time security researchers come up with an effective way to block one old tool. As a result, no one is ever truly safe — and a new device recently shown off by a well-known security researcher is yet another example of just how vulnerable we really are

Hackers Cut a Corvette's Brakes Via a Common Car Gadget (Wired) Car hacking demos like last month's over-the-internet hijacking of a Jeep have shown it's possible for digital attackers to cross the gap between a car's cellular-connected infotainment system and its steering and brakes. But a new piece of research suggests there may be an even easier way for hackers to wirelessly access those critical driving functions: Through an entire industry of potentially insecure, internet-enabled gadgets plugged directly into cars' most sensitive guts

Connected cars not hacking it on all security fronts (Business Day) The morning after Laura Capehorn parked her Saab 9-3 estate, all she could find of it was a car-shaped hole in the snow. The interior designer had left the vehicle outside a house in London one evening last January

Cyber-physical attacks: Hacking a chemical plant (Network World) Def Con 23 included a talk about 'hacking chemical plants for competition and extortion.' Researchers released their Damn Vulnerable Chemical Process framework; using it, you can hack a chemical plant (simulation model) like an attacker and learn to spot cyber-physical attacks like a defender

Security Patches, Mitigations, and Software Updates

Windows 10 continually rebooting? It could be a buggy update ( Graham Cluley) Windows 10As ZDNet reports, some Windows 10 users have found themselves in possession of a continually rebooting computer after their PC downloaded a buggy cumulative update from Microsoft

Here's exactly why Microsoft needs to let users control the update process (FierceCIO) Some users are stuck in an update/reboot loop due to a flaw in a forced Windows 10 update

Verizon, T-Mobile Roll Out Stagefright Patch for Samsung Galaxy S5, Galaxy Note Edge and Galaxy Note 4 (Softpedia) Two more carriers roll out patches for Samsung phones

Cyber Trends

Black Hat 2015 — 5 security vulnerabilities that have researchers worried (TechWorld) Abstruse, sometimes informative and occasionally sensational, the Black Hat show's security presentations don't always describe the attacks that are happening today so much as what might be coming down the pike. In that sense, it's a sort of early warning system — as long as you can separate the far-fetched theoretical hacks and attacks from the ones that might actually come to pass

Black Hat: Talent Scarce, Firms Look to Automation and AI (Security Ledger) In-brief: with security talent scarce, experts at the Black Hat Briefings say that security automation fueled by machine learning and data analytics is going to play an increasing role in security operations

Smart Machines Still Need Smart People (Wall Street Journal) Smart machines are now capable of replicating many human capabilities. In a Deloitte Twitter chat, experts weighed in on the enterprise implications

The threat landscape runneth over, here's what we need to do (Digital News Asia) Automation needed to keep up, but people are still crucial in the security equation. The skills shortage and a culture of secrecy make Asia ripe for the picking

Don't Ignore Dark Web Dangers (eSecurity Planet) Many businesses do not think they need to worry about the Dark Web, says tech analyst Stephen George. But they are wrong

Marketplace

At Black Hat, Hottest Cyber Product Didn't Have a Booth (Council on Foreign Relations) Ah, Vegas in August. 100-degree heat, pool parties, and thousands upon thousands of hackers. Every summer the cybersecurity world takes over Sin City for a week. Black Hat, growing ever more corporate and responsible, is paid for on expense accounts. DEF CON? Well DEF CON is paid with cash at the door

Use Security as a Deal Maker (The VAR Guy) Every solution provider now needs to be able to address security issues just to land the deal — a change from IT security being the realm of a few specialists. In effect, every solution provider now needs to be an IT security solution provider

U.S. Cyber Command planning $460M IDIQ RFP in September (Washington Technology) The U.S. Cyber Command plans to set up a five-year, $460 million multiple-award contract to provide it and the Cyber Mission Force with cyber operations and planning support

Investors pour billions in to cybersecurity firms (CSO) Venture capital firms and corporate investors have put a record amount of money in to cybersecurity companies over the past year, and there's no end in sight

Mapping Israel's Cyber-Security Startups (TechCrunch) As Orson Welles put it in The Third Man, "In Italy, they had warfare, terror, murder, and bloodshed, but they produced Michelangelo, Leonardo da Vinci, and the Renaissance"

Symantec Corporation (SYMC — $22.91*) The Veritas Nightmare Finally Over-Sells for $8 Billion to Carlyle (FBR Capital) This morning, August 11, Symantec, in conjunction with reporting June results, officially announced the sale of its information management segment Veritas to Carlyle Group for $8 billion and roughly $6.3 billion in cash proceeds. While this potential transaction has been discussed in recent media reports, today's news should come as a relief to investors as Symantec finally unloads this "decade of agita" since the Veritas acquisition was done and now can laser-focus efforts on beefing up its legacy security platform through aggressive M&A with cash from this transaction

Symantec's Outlook Is Insecure as Its Competitors Gain Ground (The Street) Investors should avoid shares of security and enterprise software services company Symantec (SYMC - Get Report) ahead of its release of fiscal first-quarter 2016 earnings results Tuesday after the closing bell

The KEYW Holding Corporation (KEYW — $7.11*) Company Update (FBR Capital) Last night, August 10, KEYW delivered generally in-line June results that showed a decent rebound from a soft 1Q. While we were pleased to see stabilization at the government segment, the Street will be disappointed as KEYW's all-important commercial cyber solutions revenue came in at $2.5M, below the Street's $4.2M estimate as the company continues to struggle with converting pipeline into deal flow on this front

Kaspersky Lab: Based In Russia, Doing Cybersecurity In The West (NPR) Given Russia's cyber skills, it's not surprising that a Russian entrepreneur, Eugene Kaspersky, runs one of the world's leading companies offering protection from malware and online crime

A New Company Called Alphabet Now Owns Google (Wired) Google has reorganized itself into multiple companies, separating its core Internet business from several of its most ambitious projects while continuing to run all of these operations under a new umbrella company called Alphabet

Gemalto, Pas Si Sû… Pour le Cameroun (Camer.be) La structure passe pour être le leader mondial de la sécurité numérique. Pourtant, elle traîne des casseroles

Oracle's Chief Security Officer thinks the company can do security better than you (The Next Web) Oracle's Chief Security Officer, Mary Ann Davidson, took to her corporate blog today to rant about security, and how Oracle has been pursuing its own clients that break its license terms to ensure software security

whiteCryption Listed in Gartner Hype Cycle 2015 as Vendor of Mobile Application Hardening, Application Shielding and Application Obfuscation (Sys-Con Media) whiteCryption®, leading provider of mobile security software code and data protection, is honored to announce recognition as a sample vendor in the Mobile Application Hardening, Application Shielding and Application Obfuscation sections of the recently published Gartner report "Hype Cycle for Application Security, 2015"

Why is Nike partying in Vegas with hackers? (New Zealand Herald) "Can y'all make some noise for Nike?" a DJ shouted across the packed dance floor of a Las Vegas club

Tesla Looking to Recruit Hackers to Strengthen its Cars Against Cyber-Attacks (iDigital Times) During the annual Def Con event this past Saturday in Las Vegas, carmaker Tesla recruited hackers in the event in an effort to protect its vehicles from possible cyber-attacks. This news comes after the exposure of how vulnerable to hacking automobiles from Fiat Chrysler and GM are, and its lack of cybersecurity knowhow

Tesla Increases Bug Bounty Payout After Experts Hack Model S (SecurityWeek) Shortly after researchers disclosed a series of vulnerabilities found in Tesla Model S, the electric car maker announced increasing its maximum bug bounty payout to $10,000

Microsoft Puts A Bigger Bounty On Bugs (TechWeek Europe) The company promises bigger payouts for security researchers who find authentication exploits and submit ideas to strengthen Windows' defences

Thycotic Names James Legg President and Chief Operating Officer (Sys-Con Media) IT security industry veteran joins senior executive team at one of the fastest growing privately held companies in the US

Exabeam Selects New Channel, Technology Partner Strategies VP, Adds Resellers (Channel Partners) Computer security service provider Exabeam has selected Ted Plumis, formerly of Imperva, to lead its channel and technology partner strategies

Products, Services, and Solutions

Windows 10 hardening and enterprise security (ComputerWorld) Lots to like, but with some caveats

Wary Of Kaspersky? Consumer Choices In Computer Security Abound (NPR) NPR reviews the consumer choices in the anti-virus and anti-malware market

Watchful Software: Watchful Software Releases RightsWATCH 7.0 for Enhanced Security and Compliance (Bloomberg Business) RightsWATCH 7.0 more tightly integrates data classification and DLP strategies while enhancing the ability to securely share information with external users in collaboration with Azure RMS

Lockheed Martin Receives Enhanced Cybersecurity Services Accreditation from DHS (PRNewswire) Accreditation enables Lockheed Martin to use sensitive and classified data to defend customers

Someone At DEF CON Made a Drone That Hacks Computers (Defense One) You can buy it for $2,500 — and turn it into a flying malware injector

Technologies, Techniques, and Standards

Mobile threat intelligence is a boon, but beware of information overload (Tech Republic) As threat intelligence joins with mobile security to protect enterprise mobile devices it won't be without some pros and cons

Data Loss: The Business Challenge (InfoRiskToday) Websense's Singh on getting the best out of your DLP investment

Breach Prep: The Need for Pen Testing (InfoRiskToday) PwC's Veugelen on protecting businesses by assessing defences

Cybersecurity in Hospitals: Protecting Electronic Patient Devices from the Risk of Hacking (MD News) Almost every day there are reports of hackers breaching security protocols in banks, major chain stores and government offices to steal private, personal information. While these stories generally focus on the risk to one's credit score and the prevalence of identity theft, little attention has been paid to the threats to electronic medical devices with wireless capabilities

Pinpointing Your Security Risks (IT Security) Vulnerability scanning got its start as a tool for the bad guys; now it's helping companies find exposed network ports and at-risk applications

Design and Innovation

Kaminsky Creates Clickjacking-Killer (Dark Reading) Famed white-hat hacker proposes a fix for longtime Web attack vector

Research and Development

Quantum Computing — Tiny Particles, Big Problems (Team Cymru) Quantum computing — sounds like something ripped straight out of a Star Trek episode doesn't it? One can just hear Scotty on the Enterprise, "Cap't, the Quantum Computer has gone offline, I canna' make the calculations!"

Legislation, Policy, and Regulation

Pan-European cyber-security law includes digital in critical services (SC Magazine) A Pan-European cyber-security law may hold companies like Google and Amazon to stricter security requirements

Presidential hopefuls touch on data breaches, spying and other federal IT issues in GOP debate (FierceGovernmentIT) As expected, Republican presidential hopefuls in two separate debates last week debated major hot topics like immigration, terrorism and the economy, but they also touched on a handful of federal technology concerns such as government's electronic surveillance programs, cyberespionage and attacks from terrorist- and state-sponsored hackers

DHS cyber center gets new leadership (Federal Times) The National Cybersecurity and Communications Integration Center — Homeland Security's main processing center for threat information sharing and response — got new leadership Monday

Litigation, Investigation, and Law Enforcement

OPM officials hindering scrutiny of hacked computer systems, watchdog says (Washington Post) The Office of Personnel Management's inspector general has accused the agency's information technology office of trying to thwart scrutiny of how well OPM protected the security clearance and federal employee personnel files that were hacked and how well it responded to those breaches

FBI: When It Comes To @ISIS Terror, Retweets = Endorsements (Huffington Post) Which makes Twitter one of the bureau's best informant

Main Russian IS Recruiter 'Identified In Turkey,' But Who Is One-Legged Akhmet? (Radio Free Europe/Radio Liberty) Russia's security services claim to have established the identity of the main recruiter of Russian nationals to the Islamic State (IS) militant group, according to the Russian tabloid Life News, which has close ties to the country's security services

Data Security Firm Hit With Suit Over Cyberattack (Recorder) A Silicon Valley company that touted the security of its mobile platform is facing a shareholder class action related to a 2014 data breach

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime

Upcoming Events

3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, Aug 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium is to provide U.S. and Second Party Intelligence Communities (IC) a forum to present and collaborate on Human Science-based projects and research. This event attracts a multi-disciplinary government audience from across the IC and Second Party Partner organizations

USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and others specialists interested in the latest advances in the security and privacy of computer systems and networks

5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics

Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains

AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015

Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response

2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics

ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries