Cyber Attacks, Threats, and Vulnerabilities
Terrifying New ISIS Video Threatens Attack On American Soil (Refinery 29) Up to this point, the atrocities of the so-called Islamic State (or ISIS) have been restricted to the territories they control in Iraq and Syria. But, a terrifying new video released this weekend by the terror group calls for supporters to carry out a 9/11 style attack on American soil — warning of "lone wolf" terrorists who may be hiding out in Western countries.
'Phishing email' the key to hacking of TV5Monde (The Local (French Edition)) The jihadist cyber-attack against French television channel TV5Monde last week was set in motion as far back as January, several sources with knowledge of the investigation said on Tuesday
Hackers Shut Down Vatican City Website Against Pope's Comment (HackRead) Turkish hackers shut down Vatican City official website against Pope Francis' remarks in which he used the word 'genocide' to refer to mass killings of Armenians by Turks
Google Malaysia hacked by Bangladeshi hackers (TechWorm) Google Malaysia was hacked in the wee hours today and visitors were taken to a defaced landing page
Beijing May Have Been Spying on India's Defense Industry for a Decade (Quartz via Defense One) Cyber security firm FireEye said the hackers targeted data on military operations in multiple countries China has territorial disputes with in the South China Sea
U.S. firm CrowdStrike claims success in deterring Chinese hackers (Reuters) U.S. cybersecurity firm CrowdStrike Inc said Monday it had successfully prevented a Chinese hacker group from targeting a U.S. technology firm for the first time, offering promise for other companies facing cyber attacks
Chinese Nation-State Hackers Give Up Attack Campaign (Dark Reading) It worked on Hurricane Panda. Can APT30 and other organized cyberespionage groups also be convinced that an attack campaign isn't worth the trouble?
The Economics of Persistent Cyber Attacks (Forbes) There's an arms race in information security — that much isn't news. As security companies develop better tools at detection and stopping attacks, adversaries develop better attacks. Or do they? "Just like in the physical world, you're not going to bring in Seal Team Six on every SWAT engagement you have," said Dmitri Alperovitch, co-Founder and CTO of CrowdStrike, an information security company. "You're going to bring them in to capture Osama Bin Laden because that's a target that makes more sense." The same is true with criminal hackers — they're going to start out an attack with the B-team. Or maybe even the C-team
Zero-Day Market Economics Favor Incentives for Defensive Tools (Threatpost) There's a security truism that goes something like this: Defenders must protect all machines against all vulnerabilities, while attackers need only to find one way on to a system or network
Cylance SPEAR Team Discovers Vulnerability Impacting All Versions of Windows, Including Windows 10 Preview (MarketWatch) Loophole allows attacker to gain access to login credentials; popular apps from Adobe, Apple, Box and Microsoft also impacted
18-year-old SMB vulnerability resurfaces, dozens of vendors affected (CSO) New methods expand the attack surface to applications and software beyond Windows
A new security flaw in Microsoft Windows allows hackers to steal users' login credentials: Researchers (Reuters via IBNLive) Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs
Universal backdoor for e-commerce platform lets hackers shop for victims (Ars Technica) New "drive-by login" attacks use Web stores to target specific customers
TLS certificate blunder revisited — whither China Internet Network Information Center? (Naked Security) Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority (CA) called China Internet Network Information Center, or CNNIC for short
Alert (TA15-103A) DNS Zone Transfer AXFR Requests May Leak Domain Information (US-CERT) Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests
Second-hand devices — cheaper but risky (CSO) The market for used smartphones and tablets offers opportunities for both buyers and sellers. But there are risks as well, both to individuals and the enterprise
As Ransomware Attacks Evolve, More Potential Victims Are At Risk (Threatpost) In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted and held for ransom, a scenario that is becoming increasingly common in enterprises and municipal agencies
Mobile Threat Monday: Analyzing Mint, Bitdefender Anti-Theft, Swarm, Snapchat (PC Magazine) The Security Watch team asked the penetration testing experts at Security Compass to take a look at some of our favorite apps to understand how they stack up, security-wise. One thing we learned from this exercise: there is always room for improvement
Season 5 Game of Thrones episodes leaked online (Naked Security) HBO has been mugged by its own early screeners
Five security questions you should be asking about the Apple Watch (CSO) Many security professionals are already thinking about the security implications of the Apple Watch
Bulletin (SB15-103) Vulnerability Summary for the Week of April 6, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
March 2015 Cyber Attacks Statistics (Hackmageddon) It's time to aggregate the two Cyber Attack Timelines for March 2015 (Part I and Part II) into statistics
Security Patches, Mitigations, and Software Updates
Drupal core security release window on Wednesday, April 15 (Drupal Groups) The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, April 15
Rootpipe Backdoor Flaw Not Going to be Patched on Older Versions of OS X (Intego) There's bad news for Mac users who aren't planning (or aren't able) to update their copies of OS X to 10.10.3
Cyber Trends
Threat Intelligence Sharing Momentum and Needs (Network World) Government and infosec industry should build upon threat intelligence energy by focusing on education, standards use-cases, and best practices
Report: Average cost per record breached is 58 cents, discovery times are down (CSO)
Schneier on 'really bad' IoT security: 'It's going to come crashing down' (Network World via CSO) The problem will sort itself out — eventually, he says
The cost of a non-malicious control system cyber incident — more than $1Billion (Control) There is a tendency by many in the cyber security community to only care about malicious cyber attacks as opposed to unintentional cyber incidents. April 9th, 2015, the California Public Utilities Commission fined Pacific Gas & Electric (PG&E) $1.6 BILLION for the September 2010 San Bruno natural gas pipeline rupture that killed 8 and destroyed a neighborhood (there are also 28 federal criminal charges and numerous other fines and penalties). This was not a malicious cyber attack but an unintentional control system cyber incident
Political SCADA attacks on the rise — or are they? (SC Magazine) The latest Global Threat Report from Dell Security reveals that attacks against SCADA systems have doubled in the last year — with most regarded as political
Dell Annual Threat Report analyzes the most common attacks observed in 2014 and how emergent threats will affect organizations throughout 2015 (Dell) Dell report analyzes the most common attacks observed in 2014 and how emergent threats will affect organizations throughout 2015. Research shows a rise in point-of-sale (POS) malware variants and attacks against payment card infrastructures targeting retail organizations. More companies were exposed to attackers hiding in plain sight as a result of SSL/TLS encrypted traffic. Research found a 100 percent increase in attacks against industrial control (SCADA) systems
Gangs of hackers cause cyber breaches to spike 23% (USA TODAY) Organized criminal gangs of hackers got smarter, faster and more ubiquitous last year, pulling off 312 major breaches against companies. That's up 23% from the year before, Symantec's 2014 Internet threat report found
Attackers use deceptive tactics to dominate corporate networks (Help Net Security) Cyber attackers are infiltrating networks and evading detection by hijacking the infrastructure of major corporations and using it against them, according to Symantec
Takeaways From the 2015 Verizon Data Breach Investigations Report (Tripwire: the State of Security) Verizon's annual Data Breach Investigations Report (DBIR), now in its eleventh year, has become one of the most anticipated information security industry reports. Think of it as the Data Breach Bible, as it dissects thousands of confirmed data breaches and security incidents from around the globe into emergent and shifting trends, providing us with insightful guidance to apply to our own security practices
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks (Dark Reading) New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record — and attackers are not going after mobile en masse
Lax Update Policies Give Hackers an Edge (Wall Street Journal) New report by Verizon says most breaches exploit a known software bug
Are privileged users the most dangerous insider? (Help Net Security) 92 percent of healthcare IT decision makers reported that their organizations are either somewhat or more vulnerable to insider threats, and 49 percent felt very or extremely vulnerable
Survey finds younger workers make bad security choices (CSO) Biggest downsides with smartphones are tied to high-earning, younger male workers
Phishers increasingly target banks and ISP accounts (Help Net Security) Phishing against banks and ISPs rose markedly compared to other sectors in the third quarter of 2014, according to the APWG. The number of brands being attacked remains high, and malware variants continue to proliferate at a record rate of increase
Enterprise Security Threat Level Directly Linked to User Demographics, Industry and Geography (BusinessWire) Aruba Networks, Inc. (NASDAQ:ARUN) is calling for businesses worldwide to take action as a new mobile security risk report reveals that businesses are ill prepared for the high-risk, high-growth mindset of the #GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data
Data Breaches Common in Health Care Industry (eWeek) More than a quarter (26 percent) of health care respondents reported that their organization had previously experienced a data breach
First Lose the "Cyber" — Then We Can Talk (Dark Matters) How can information security ever be taken seriously as an industry with people — and some professionals — using such a silly term? Cyber?
Marketplace
PANW/FEYE top Piper security checks; PFPT/FTNT/IMPV underperform (Seeking Alpha) A Q1 Piper survey of security resellers found 54% of Palo Alto Networks (NYSE:PANW) resellers stating their sales were above plan during the quarter, the highest figure among 10 covered firms. 19% were below plan, and 27% in-line
FireEye down 3.1% in wake of 60 Minutes broadcast (Seeking Alpha) After rising 5.3% on Friday on news COO Kevin Mandia would be appearing on a Sunday 60 Minutes segment about state-sponsored cyberattacks, FireEye (NASDAQ:FEYE) is returning a chunk of its gains today
Small Cap KEYW Holding Corp (KEYW): Are the Shorts Loosing Interest? LDOS & MANT (SmallCap Network) Small cap cybersecurity stock KEYW Holding Corp (NASDAQ: KEYW), a potential peer of Leidos Holdings Inc (NYSE: LDOS) and Mantech International Corp (NASDAQ: MANT), now has short interest of 36.20% — down from 41.76% registered last December
Verint Systems: Tremendous Upside Possible (Seeking Alpha) Favorable industry tailwinds include the growth outlooks for big data analytics, cybersecurity and fraud markets. Large and diverse customer base minimizes the company's exposure to any one sector, country or region. Margins will continue expanding due to a highly scalable and capital-light business model. FX headwinds will persist going forward. DCF indicates significant undervaluation
Encryption, Innovation, and the Cyber Gold Rush (SoundCloud) New America's Peter Singer and Passcode's Sara Sorcher chat with Alex Stamos, Yahoo's chief information security officer and world renowned cybersecurity expert, about his company's new end-to-end e-mail encryption rollout, what it's like to lead a team of "Paranoids" and why people who have his job are so stressed out
Duo Security Raises $30 Million Led By Redpoint To Protect Enterprises Against Data Breaches (TechCrunch) Duo Security, the two-factor authentication startup backed by Benchmark and Google Ventures, wants to do more to help protect companies from hackers trying to gain access to their networks. With that goal in mind, it's launching a new product to secure their networks and announcing $30 million in new funding led by Redpoint Ventures
In the wake of post-NSA mistrust, Illumio raises $100M to take its software-based security platform global (Pando Daily) Illumio has raised a $100 million Series C funding round to continue working on its software-based security platform, hire more engineers for research and development, and expand sales offices in Singapore and the United Kingdom
Security Startups Might Thank Snowden For Funding (Investor's Business Daily) The cybersecurity startup ecosystem has an unlikely benefactor: Edward Snowden. When Snowden famously exposed post-9/11 National Security Agency mass-surveillance practices in 2013, the whistleblower changed the face of the cybersecurity threat and ignited record levels of venture capital into security
FireMon promises better security for government, enterprises with Immediate Insight acquisition (Channelnomics) FireMon announced its acquisition of Immediate Insight today. According to FireMon, with Immediate Insight, the security intelligence solutions provider has added speed comparable to a search engine as well as simplified analysis to its operational security event data
IBM (IBM) Announces Acquisition of Intelligence Cloud Company, Explorys (Street Insider) IBM (NYSE: IBM) announced plans to acquire Explorys, a healthcare intelligence cloud company that has built one of the largest clinical data sets in the world, representing more than 50 million lives. The acquisition strengthens IBM's leadership position in healthcare analytics and cloud computing, and will help bolster its ability to extract and share deep insights to improve wellness and benefit patients
Symantec may flog off Veritas — but where's the CEO hunt at? (Register) PE sale instead of float on the cards
Nokia and Alcatel-Lucent holding acquisition talks (ComputerWeekly) Finnish networking supplier Nokia is holding acquisition talks with French network infrastructure firm Alcatel-Lucent
Qualcomm under pressure from activist investor to split (MicroScope) The world's largest smartphone processor maker Qualcomm is reportedly under pressure from one of its largest shareholders to spin-off one of its most profitable divisions
EMC turns to Azlan to reach more MSPs (MicroScope) It took a while for the answer to the question around the role of distribution in a cloud world to emerge but the importance of using that tier of the channel to help vendors support resellers is now being underlined on a regular basis
Report: BAE May Seek To Appoint Foreign CEO (Defense News) BAE Systems has sought approval from the British government to appoint a foreign chief executive, according to media reports here
When cyber talent isn't drawn to government, hackers run amok (Federal News Radio) In the nationwide talent grab for cybersecurity experts, new research shows federal agencies can't compete with the perks offered by top-tier companies
More & more non-profit organisations giving credence to ethical hackers (Economic Times) Apoorva Giri and Shruthi Kamath met at last year's Null conference, a meet designed to spread awareness to the public on cybersecurity. Only, the crowd was predominantly techie
Products, Services, and Solutions
AlienVault Announces More Social Threat Exchange (TechCrunch) AlienVault, a cybersecurity firm aimed at SMBs, announced the Beta of Open Threat Exchange (OTX) 2.0. The company bills it as a threat intelligence sharing platform, and the social component it has added in the latest version enables members to discuss security threats on a social network
Competing with Honeywell, Siemens and Bosch, SecurAX offers cloud-based model to enable plug-n-play security solutions (Your Story) With more information comes more power and with more power comes a greater need for security
Silect Software Announces New Real-time Compliance Monitoring Solution for Microsoft System Center 2012 Powered by HITRUST (QKEG) Silect Software Inc., a leading provider of management solutions for Microsoft System Center 2012, today announced that it has partnered with the Health Information Trust Alliance (HITRUST) and Microsoft to deliver a new real-time compliance monitoring solution that is fully integrated with Microsoft System Center 2012. The HITRUST Real-Time Compliance (RTC) Pack enables organizations to benefit from real-time, operational awareness to help enhance security and compliance
U Central Florida Enhances IT Security with Privileged Account Management System (Campus Technology) The University of Central Florida has implemented a new password management system to provide IT staff with privileged access to the enterprise systems it uses to support the campus
New Norse Intelligence Service Spots Attacks in Progress (BusinessWire) 24x7 continuous threat monitoring, alerting and analysis from Norse for extended enterprise/partner networks
Technologies, Techniques, and Standards
How the NSA Is Using the Cloud To Thwart the Next Snowden (Nextgov via Defense One) In a post-Snowden world, is it really a good idea to have analysts swimming around in one vast ocean of NSA secrets and data?
New security requirements for payment card vendors (Help Net Security) The PCI Security Standards Council (PCI SSC) has published version 1.1 of its PCI Card Production Security Requirements. The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials
Hacker Lexicon: What Are Chip and PIN Cards? (Wired) Banks across the US are in the middle of rolling out a new type of secure credit and debit card to customers, while retailers are installing new card readers to process them. By October, all credit and debit card purchases must use a technology called chip and PIN or the card issuer or retailer would face fines if card data is stolen and used by thieves. The dictum comes from Visa and MasterCard in the wake of high-profile bank card breaches at Target and other businesses over the years. The new EMV, or so-called chip and PIN cards, have an embedded microchip that authenticates the card as a legitimate bank card
A quick way to tell if your PC was infected by the Simda botnet (Graham Cluley) Interpol and a variety of key players in the computer security industry have announced the takedown of the Simda botnet, believed to have infected some 770,000 PCs around the world
CoinVault ransomware decryption keys released (ZDNet) A repository of CoinVault ransomware decryption keys obtained by the Dutch police from a seized server has been shared online by security company Kaspersky
How to Recover When Hackers Invade Your Email (TechZone360) Hacking is everywhere in the news these days, and for good reason: it is more prevalent and damaging than ever before. Just ask Anthem, the United States' second-largest health insurer who announced in February that it had suffered a major breach. While no electronic medical records were compromised, thieving hackers stole sensitive user information: names, addresses, and Social Security numbers. In fact, 79 million individuals' data — current and former customers, employees, and even non-customers — was stolen. The hackers believed to be responsible for the attack had been inside the Anthem system for months. Anthem left all of its user account information unencrypted, reportedly because encryption is inconvenient
Recreating the AC/DC Thunderstruck Worm with PowerShell and Metasploit (Dark Matters) About three years ago, computer workstations at two Iranian nuclear facilities allegedly began playing AC/DC's Thunderstruck at random times and at full volume. How cool would it be to use this during your next computer security pentest? Well, you can!
What is Email Encryption? (Digital Guardian) Email encryption defined in Data Protection 101, our series on the fundamentals of data security
Design and Innovation
Is DARPA's Memex search engine a Google-killer? (Naked Security) The history of computing features a succession of organisations that looked, for a while at least, as if they were so deeply embedded in our lives that we'd never do without them
My voice is my passport: Android gets a "Trusted Voice" smart lock (Ars Technica) "OK Google" voice commands can get authorization from the sound of your voice
Research and Development
Israeli Wins Top Computing Prize For Cryptography Breakthrough (Shalom Life) Stanford's Dan Boneh honored for innovations in the field of cryptography that improve computer security and privacy
Legislation, Policy, and Regulation
The UN wants to make sure we're not developing killer robots we can't control (Quartz) The United Nations has a lot of things to worry about. Famine, war, inequality, discrimination, epidemic disease… and now, reports New Scientist, the threat of autonomous robots that could destroy us on a whim
China's Growing Cyberwar Capabilities (The Diplomat) A recent attack on GitHub highlights China's growing expertise — and aggression — in cyberspace
US Gov stops Intel updating China's supercomputer (IT Pro) White House intervenes to prevent Intel sending China Xeon chips for planned upgrade
U.S. Blacklisting of China's Supercomputers May Backfire (IEEE Spectrum) When China wanted to upgrade Tianhe-2, currently the world's fastest supercomputer, it turned to U.S. chipmaker Intel. But the U.S. government has blocked Intel from helping with the tech upgrade and blacklisted several Chinese supercomputing centers over concerns for their involvement in nuclear weapons development. Experts warn that in the long run such a move may hurt the business of U.S. chipmakers and encourage China to speed up its homegrown chip development
Frenemies US and China join forces to fight cyber crime (Engadget) The US and China are going to try to work together to take on cyber criminals. The Department of Homeland Security says that the US and China "intend to establish cyber discussions" on the path to reestablishing full government-to-government cyber security discussions. The DHS and China's Ministry of Public Sector agreed to focus on cross border cyber-enabled crimes like money laundering and online child sexual exploitation. The renewed interest in cooperation is the result of DHS Secretary Jeh Johnson's visit to Beijing
IDF could unify cyber defense and offense into single branch (Jerusalem Post) As the IDF becomes increasingly dependent on digital networks for its combat capabilities, the issue of cyber security has become paramount
Mocking Ecuador's President Can Cost You Online Anonymity (Global Voices) The public battle between social media satirists Crudo Ecuador and Ecuadorian President Rafael Correa continues
Litigation, Investigation, and Law Enforcement
Colombian Hacker Gets 10 Years for Spying on FARC Peace Talks (PanAm Post) Orders to Sabotage Negotiations Came From President Uribe, Says Sepúlveda
Eighth-grader charged with felony for shoulder-surfing teacher's password (Ars Technica) The larger crime may be school administrators' poor op sec
Hacker who cloned Bill Gates's credit card is arrested in Philippines (Graham Cluley) Some criminals aim high
Pro-Palestine hackers fund charities with stolen Israeli credit cards (Daily Dot) A Muslim hacktivist group is using stolen Israeli credit cards to fund Palestinian charities, according to the group's leader. The group, known as AnonGhost, reportedly gained access to credit card credentials after hacking into dozens of Israeli websites
County prosecutor says it has no idea when stingrays were used, so man sues (Ars Technica) Cook County: We have "no way of knowing the identity of [such] criminal cases"
Net neutrality rules published, lawsuit to overturn them immediately filed (Ars Technica) After Federal Register publication, trade group for ISPs files suit
Prosecutors suspect man hacked lottery computers to score winning ticket (Ars Technica) Former security director may have tampered with number generator to win $14.3M
Man gets 150 months in prison for selling stolen and counterfeit credit cards (Help Net Security) A member of the identity theft and credit card fraud ring known as Carder.su was sentenced to 150 months in federal prison for selling stolen and counterfeit credit cards over the Internet. He was further ordered to pay $50.8 million in restitution
Man's social media post lands him in court (Emirates 24/7) Accused of blaspheming
An ambitious Russian court has banned 136 internet porn sites (Quartz) Vladimir Putin once said that half the internet is nothing but "porno materials." While a major academic study in 2010 found that, in reality, just 4% of websites were pornographic, it's an undisputed fact that there is indeed a lot of adult-rated material on the web
"Revenge porn" in UK now punishable by two years in prison (Ars Technica) Law also stiffens penalties for online "trolls" who cause "distress or anxiety"
Eugene Kaspersky: Standing up to bullies and why we'll never capitulate (International Business Times) Q: Why won't sharks attack lawyers? A: Professional courtesy. I overheard that joke once when I was on a flight. For some reason, it stuck with me. While it's obviously a tad harsh to tar all lawyers with the same brush, my recent encounters with legal practitioners have done little to disprove the accuracy of this joke