Cyber Attacks, Threats, and Vulnerabilities
The Chronicles of the Hellsing APT: the Empire Strikes Back (SecureList) One of the most active APT groups in Asia, and especially around the South China Sea area is "Naikon". Naikon plays a key part in our story, but the focus of this report is on another threat actor entirely; one who came to our attention when they hit back at a Naikon attack
Elite cyber crime group strikes back after attack by rival APT gang (Ars Technica) Coming to the Interwebz near you: Spy vs. Spy APT wars
'APT-On-APT' Action (Dark Reading) New spin on the cyber espionage attack: spies hacking other spies for information
Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets (Palo Alto Networks) Palo Alto Networks Unit 42 used the AutoFocus threat intelligence service to identify a series of phishing attacks against Japanese organizations. Using AutoFocus to quickly search and correlate artifacts across the collective set of WildFire and other Palo Alto Networks threat intelligence, we were able to associate the attacks with the group publicly known as "DragonOK." These attacks took place between January and March of 2015
US-CERT Warns of Issues with DNS Zone Transfer Requests (Threatpost) The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue
TeaMp0isoN reveals schools' vulnerabilities (Office of Inadequate Security) Reading @_TeaMp0isoN_'s Twitter timeline last night and this morning was somewhat disheartening. Tweet after tweet identified vulnerabilities that would enable hackers to gain access to universities' sites. For each school named, TeaMp0isoN indicated the type of vulnerability they had found and the vulnerable URL. In some cases, if the university has a Twitter account, TeaMp0isoN included their Twitter account in the tweet to call their attention to their vulnerability. No data was dumped and many of the subdomains likely do not contain sensitive information, but once you've gotten in a door
U.S. sounds alarm on hacking of passenger jets, air traffic control (IDG via ComputerWorld) Government report says the FAA needs to do more to ensure safety in the skies
Email Phishing Attacks Take Just Minutes to Hook Recipients (Wired) If you work in IT security, you've got one minute and 20 seconds to save your company from being hacked. This is not a drill. It's the median time it takes for an employee to open a phishing email that lands on a company's network and in their inbox, setting in motion a race to prevent data from leaking. That's according to the new Verizon Breach Investigations Report, which is due to be released publicly tomorrow but was previewed to reporters today
Report: Internet of Evil Things is your next nightmare (CSO) A vast majority of enterprises are home to things that have the potential to turn evil at any moment, according to Pwnie Express
Welcome to the Internet of Things. Please check your privacy at the door. (ITWorld) Several things can happen to your IoT data, and most of them are bad. Here are the biggest things you need to worry about
Behind Tax Fraud: A Profile of 3 IRS Scammers (TrendLabs Security Intelligence Blog) Cybercriminals have been taking advantage of tax season for years. While we have seen tax seasons involving countries like Australia and the U.K., it appears that cybercriminals tend to heavily favor the use of Internal Revenue Service (IRS) scams, especially during the US tax season
How the heck did so much Game of Thrones leak in 2015? (Ars Technica) A four-episode leak may spell the death knell for the DVD screener
HSBC Financial Corp. notifies mortgage customers of online breach (Office of Inadequate Security) HSBC Finance Corporation has begun notifying an undisclosed number of consumers whose mortgage account information was inadvertently exposed on the Internet. The firm believes the exposure began sometime towards the end of 2014 and continued until March 27, 2015, when they learned of the breach
Security Patches, Mitigations, and Software Updates
Critical Updates for Windows, Flash, Java (KrebsOnSecurity) Get your patch chops on, people, because chances are you're running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication
Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices (Threatpost) When Apple pushed out its most recent round of patches last week it fixed a cookie vulnerability that existed in all versions of Safari, including those that run on iOS, OS X, and Windows. According to researchers who dug it up, the number of affected devices may total one billion
Microsoft Patches Critical HTTP.SYS Vulnerability (Threatpost) Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it's inevitably publicly exploited
Microsoft Security Bulletin Summary for April 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for April 2015
Chrome starts pushing Java off the Web by disabling plugins (Ars Technica) The Netscape-era NPAPI is now off by default in Chrome 42
Cyber Trends
Web app attacks, PoS intrusions and cyberespionage leading causes of data breaches (IDG via CSO) Web application attacks, point-of-sale intrusions, cyberespionage and crimeware were the leading causes of confirmed data breaches last year
Mobile security mostly a nonissue at the moment, Verizon says (CNET) There's not much of a need to fret about mobile security given that cybercriminals still have plenty of easy marks to hit, according to Verizon's enterprise security group
Health data breaches sow confusion, frustration (ProPublica via USA TODAY) As the privacy officer for The Advisory Board Co., Rebecca Fayed knows a thing or two about privacy and what can happen when it's violated
BYOD employees 'indifferent' to enterprise security (ZDNet) A new study says the next generation of workers is placing the enterprise at risk with a lax attitude to mobile security
Think only big companies get hacked? Wrong (CNBC) Once a month, it seems, we hear about a high-impact breach of a corporate computer system. The latest is Premera Blue Cross, and before that Anthem, Sony, Target, Home Depot: These are big companies, and many would assume they were relatively bulletproof. Yet they couldn't keep the hackers at bay
Cyber Security Show — Critical industry operational technology often 30 years old (IT Security Guru) Assets within energy companies can often be 20-30 years old
In 2015, It's All About the Data (United States Cybersecurity Magazine) 2014 taught us that massive security breaches are the new normal for U.S. companies, government agencies, and universities. Some of the most prominent were Target, Home Depot, Neiman Marcus, Apple's iCloud, Michaels, the U.S. Postal Service, the IRS, Community Health Services, UPS, Staples, the State Department, Sands Casinos, USIS, eBay, PF Chang's, JP Morgan Chase, and, to sum up the year, Sony Pictures. The sobering reality is that it is now no longer a matter of if but when and how often that we're going to be breached. In 2014, we witnessed CEOs being fired, CIOs let go, boards of directors personally sued, and company data stolen or sabotaged on a grand scale. What will the extent of the damage be to our company, shareholders, and customers? What are the bad actors really after?
Marketplace
Palo Alto splashes $200m to strengthen endpoint security offering (Computer Business Review) Company acquires Israeli cybersecurity company Cyvera
Private Equity Firm Marlin to Buy General Dynamics' Fidelis Cyber Business (GovConWire) Los Angeles-based investment firm Marlin Equity Partners has agreed to purchase threat detection services business Fidelis Cybersecurity Solutions from General Dynamics (NYSE: GD) for an undisclosed sum
NSS Labs Raises $7 Million to Grow Cyber Advanced Warning System Solution (NSS Labs) NSS Labs, Inc., the world's leading information security research and advisory company, announced today that it has secured $7 Million in additional equity and debt funding with participation from LiveOak Venture Partners and Chevron Technology Ventures. The financing will support the growth of the NSS Cyber Advanced Warning System™ launched in March 2015
Cybersecurity startups raise big capital (The Hill) Two cybersecurity startups are making headlines for new rounds of financing that signal investors' growing interest in security products
Cyber security start-up draws $100m in BlackRock-led fundraising (Financial Times) Illumio, a cyber security start-up with personal backing from successful technology founders, has raised over $100m in a fundraising round led by BlackRock
With $30M in new funding, Duo Security announces London venture (MichiganLive) After previously raising roughly $18 million in funding, Ann Arbor-based Duo Security announced it has raised $30 million in Series C funding and will be expanding its efforts to London
Symantec: The Veritas Sale A Catalyst For The Rerating Of The Security Business (Seeking Alpha) A sale of the storage business for $5-8bn could highlight the undervaluation of Symantec's security ops. If the security business does not rerate as we expect, it is likely that private equity firms will try to acquire it (rumors have been circulating for months). The sale of the storage business could also enable Symantec to make a major acquisition in the security software space as it needs to reinvent itself
Nokia acquires Alcatel-Lucent for $16.6 billion to create networking giant (Ars Technica) Will strong research divisions be enough to let Nokia compete with Huawei and Ericsson?
Distil Networks Helps Companies Battle Bad Bots (Forbes) "I was working at a cloud security company and customers were asking for a way to identify real people versus bots on their websites. The company that I was with didn't tackle that problem. And so I tried to find something that would for those customers. The more I looked around, the more I realized there was a gap in the market for that service. So that's where things started in 2011," says Rami Essaid, co-founder and CEO of Distil Networks on his company's genesis
Chertoff Group Principal Jim Pflaging Joins the AdaptiveMobile Board of Directors (BusinessWire) Seasoned executive has deep expertise in the security and enterprise markets
Northrop Grumman opens cyber centre in UK (IHS Jane's 360) US headquartered contractor Northrop Grumman has opened a new cybersecurity centre in Gloucestershire, the United Kingdom, the company announced on 14 April. The facility will serve as a hub for cyber offerings to potential clients throughout Europe, the company said
GCHQ Steadily Sparks UK Cyber Industry Rush (Defense News) The cyber industry hub supporting Britain's GCHQ is continuing to grow with Northrop Grumman becoming the latest company to set up development and innovation facilities close by the headquarters of the intelligence center
Security Companies Hire Hackers, Ex-Spies to Fight Cyber Attacks (BloombergBusiness) It's a seller's market for the cyber war's special forces
U.S. Military's Anti-Hacking Force Won’t Be Ready Until 2018 (BloombergBusiness) The Pentagon will miss its own 2016 deadline to create cybersecurity teams to defend critical computer networks from hacking and they won't be fully operational until 2018, a senior Defense Department official said
Joint Cyber Training New Nordic Priority (Defense News) Cyberwarfare technology training has been identified as a new project area within the military-run Nordic Defense Cooperation (NORDEFCO) program
Study: 82% of organisations expect a cyber attack; 35% are unable to fill open jobs (ITWeb) According to a study by ISACA and RSA Conference, 82% of organisations expect to be attacked in 2015, but they are relying on a talent pool viewed as unable to handle complex threats. Thirty-five percent are unable to fill open positions, according to State of Cybersecurity: Implications for 2015, a study conducted by ISACA, a leader in cyber security, and RSA Conference, organisers of cyber security events
Products, Services, and Solutions
Cyber boot camp to churn out security pros in eight weeks (V3) The SANS Institute is opening up a cyber skills academy that will condense a two-year training course into just eight weeks to produce work-ready security warriors
Android Security Apps Continue to Improve in Latest AV-Test Report (PC Magazine) How much room does Android security have left to grow?
Tenable Network Security Announces SecurityCenter 5, Empowering Organizations to Continuously Measure, Analyze and Visualize Overall Network Health (BusinessWire) Industry leader in continuous network monitoring introduces Assurance Report Cards in its flagship product to help customers align security policies with business objectives
FinalCode Redefines Enterprise-Grade File Security for Confidential Collaboration (Nasdaq) Strong file encryption and extensive usage controls protect files wherever they go within and outside the corporate network
ThreatConnect, Inc. and CrowdStrike Partner to Strengthen Threat Intelligence Data Availability and Delivery (MarketWatch) ThreatConnect expands unique marketplace enabling organizations to effectively aggregate, analyze, and act on other threat intelligence sources via ThreatConnect Platform
Promisec Launches 'Freemium' Endpoint Monitoring Service to Minimize Cybersecurity Risk (Virtual Strategy Magazine) Freemium product provides critical MSSP/OEM support for security service providers in Promisec's Partners Program
Aircrack-ng 1.2 RC 2 - WEP and WPA-PSK keys cracking program (Kitploit) Here is the second release candidate. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. Another big change is that recent versions of GPSd now work very well with Airodump-ng
Tailoring Security Info for the C-Suite (eSecurity Planet) SurfWatch Labs' SaaS platform makes security information intelligible to business execs
Technologies, Techniques, and Standards
Threat Intelligence Is a Two-Way Street (Dark Reading) Intelligence analysis should be looked upon as less of a service and more of a partnership
Attention Healthcare IT Teams: Five Simple Ways to Keep Patient Data Safe (Trend Micro: Simply Security) At Trend Micro, we've been trying to draw attention to the growing cyber security threat facing healthcare organizations for some time now. With recent cyber-criminal targeting of healthcare organizations, it seems like a pretty good time to revisit our advice for others in the industry who want to stay secure on their journey to the cloud
Design and Innovation
An App That Hides Secret Messages in Starcraft-Style Games (Wired) China's Internet cafes full of young nerds glued to Starcraft 2 might soon be taking on more than Zerg hordes and Protoss Colossi. One group of anti-censorship researchers wants to turn those games themselves into a weapon in the war for web freedom
Google May Offer New Way to Target Ads (Wall Street Journal) The war for advertising dollars between Google Inc. and Facebook Inc. may add a new front: email addresses
Research and Development
New algorithm could auto-squash trolls (Naked Security) Ah, trolls. A species we know well at Naked Security: those people who bounce around in comments sections flinging language dung all over the intertubes
DARPA Eyes Near-Zero-Power Tech to Extend Sensor Operational Life (ExecutiveGov) The Defense Advanced Research Projects Agency is seeking proposals on near-zero-power sensor technologies as part of the Near Zero Power RF and Sensor Operations program to address current power limitations of remote wireless military sensors
Legislation, Policy, and Regulation
DHS Opens Cyber Dialogue With China (HS Today) Although cyber relations between the United States and China became strained after numerous allegations during the past year of Chinese spying operations targeting the US, the Department of Homeland Security (DHS) and China's Ministry of Public Security (MPS) are now working on reestablishing a cyber dialogue
Deterrence will keep a lid on cyberwar, former spy chief says (ComputerWorld) Ex-national intelligence director Dennis Blair likened the standoff to mutually assured nuclear destruction
New cyberthreat information-sharing bill may be more friendly to privacy (ComputerWorld) The new bill still allows companies to share some unnecessary personal information with government agencies, a critic says
House panel approves cyber bill after adding surveillance restrictions (The Hill) The House Homeland Security Committee on Tuesday approved by unanimous voice vote a bill that gives companies liability protection when sharing cyber threat data with the Department of Homeland Security (DHS)
How To Boost Domestic Intelligence and Privacy To Prevent the Next Terrorist Attack (Defense One) Here are three steps to balance civil liberties with domestic security needs
14 Republicans move to block Internet rules (The Hill) Thirteen Republicans joined Rep. Doug Collins (R-Ga.) in support of a resolution that would block new Internet rules approved by the Federal Communications Commission
Litigation, Investigation, and Law Enforcement
EU Formally Accuses Google of Antitrust Violations (Wired) Five years ago the European Union began an investigation into whether Google violated its antitrust laws. Now it will finally bring charges against the company as well as open a new investigation into Google's Android operating system
Banks hide cyber crime losses, says City of London Police (ComputerWeekly) Banks are obscuring the true amount of money lost to cyber fraudsters, preferring to write off cyber incidents as losses, according to the City of London Police
International Operations Take Down Beebone, Simda Botnets (eSecurity Planet) Both operations required coordination between government agencies and private sector partners
NJ legislator who sponsored anti-swatting bill gets swatted (Ars Technica) "Some sick, evil person thought it would be funny to send the police to my house"
Lawsuit Over Alleged Jihadi Link Dismissed (Courthouse News Service) Offensive Security Limited voluntarily dismissed its lawsuit claiming online education company Udemy was "being used to educate jihadists in the art of hacking"
Baltimore Cops Asked Creators Of 'The Wire' To Keep Cellphone Surveillance Vulnerabilities A Secret (TechDirt) Over the past decade, criminals have apparently gained an insurmountable technology lead over law enforcement. I'm not sure how this is possible, especially considering many criminals don't have access to the same technology cops do, much less access to generous DHS funding, and yet, here we are witnessing police officers (following orders from the FBI) tossing cases and lying to judges in order to "protect" secret tools that aren't all that much of a secret