Cyber Attacks, Threats, and Vulnerabilities
Jihadist cyber-attack on French TV began in January: sources (France Expatica) The jihadist cyber-attack against French television channel TV5Monde last week was set in motion in January, several sources with knowledge of the investigation said on Tuesday
Punkey POS Malware Sets Sights on More Retailers (Infosecurity Magazine) Researchers involved in a US Secret Service investigation have found a potentially prolific piece of advanced POS malware which could come from the same code base as the previously discovered NewPosThings family
New POS Malware Emerges — Punkey (Trustwave: SpiderLabs® Blog) During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware, that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at Arbor Networks. While this malware shares some commonalities with that family, it departs from the standard operating procedure of the previous versions rather dramatically. In a blog post, TrendMicro also detailed recently compiled versions of the NewPOSthings family that bear a closer resemblance to NewPOSthings than Punkey. This suggests that multiple actors may be using similar source code, or the malware is being customized as a service for targeted campaigns. Because of the active investigation, I cannot reveal C&C domains used in the samples
Alert (TA15-105A) Simda Botnet (US-CERT) The Simda botnet — a network of computers infected with self-propagating malware — has compromised more than 770,000 computers worldwide. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations
FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen (Government Accountability Office) As the agency transitions to the Next Generation Air Transportation System (NextGen), the Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas: (1) protecting air-traffic control (ATC) information systems, (2) protecting aircraft avionics used to operate and guide aircraft, and (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices
Hackers' Newest Target: Airplanes (Foreign Policy) The newest terrorist threat to planes? Wi-Fi
Hackers Could Commandeer New Planes Through Passenger Wi-Fi (Wired) Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable
Sony Corp (ADR) (SNE) Cyber-Attack Scenario Might Be Revisited On Other Companies: Former Hacker (Bidness Etc.) Ex-hacker and now VP of Cylance stated that the looming threat of more hacks is imminent as price of electronic equipment coupled with technical sophistication is easily available
Troubleshooting feature on Cisco routers is open to data-slurp abuse (Register) Mad skillz + $10k = DIY NSA
Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 (TrendLabs Security Intelligence Blog) On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks
Bishop Fox Security Research Team Discovers Major Authentication Bug in Popular AirDroid App (PRWeb) Vulnerability allows attackers to remotely take control over every AirDroid feature, even when not running
Dropbox users continue to unwittingly leak tax returns and other private data (Graham Cluley) Readers with good memories will recall a worrying privacy hole was found in Dropbox after publicly accessible links to private personal information stored on the service leaked out to unauthorised users
Recorded Future Explains Why People Thought It Was Crawling Your Facebook Chats (BostInno) We're all pretty quick to believe that the government is peeking at what we do on our computers, right? Maybe a little too quick sometimes
Security Patches, Mitigations, and Software Updates
Oracle to end publicly available security fixes for Java 7 this month (InfoWorld) Users must sign long-term support deals or migrate to Java 8 to avoid 'enormous headache and disruption to millions of applications'
Microsoft woes: Patch KB 3013769, Skype for Business, Windows 10 nagware (InfoWorld) Several of this month's Black Tuesday patches are already showing signs of trouble
Cyber Trends
Opinion: Threat intelligence is the judo move needed to take down hackers (Christian Science Monitor Passcode) Advanced techniques for quickly tracking and analyzing the behavior and tactics of criminal hackers gives companies the tools to defend against emerging cyberthreats
Targeted Attack Trends 2014 Annual Report (Trend Micro) Targeted attacks, aka advanced persistent threats (APTs), refer to a category of threats that aim to exfiltrate data. These comprise six components — intelligence gathering, point of entry, command and control (C&C), lateral movement, asset/data discovery, and data exfiltration, which includes a maintenance phase that allows threat actors to maintain their foothold within networks. Attackers initially gather target victims' profile information, which is then used as a delivery mechanism to gain entry into their networks. Once communication between compromised systems and C&C servers under attacker control is established, threat actors can then laterally move throughout the network and identify sensitive files to exfiltrate. In data exfiltration, an organization's "crown jewels" are transferred to a location predefined by the attackers
There's TOO MANY data-leaking healthcare firms, growls Symantec (Register) Problems often related to 'poorly patched devices'
How much will a data breach cost your company? (ComputerWorld) Verizon's 2015 Data Breach Investigations Report wants to help enterprises put a dollar figure on the cost of security failures
Enterprise Security Trends that Will Rule 2015 (TechZone360) From 3D printers that can replicate the intricate details of the human heart to wearable technology that tracks everything from blood pressure to incoming emails, 2015 shows great promise in becoming "Year One" of the new digital world order. But before we get too distracted, it's worth paying attention to — and learning from — the past, which has consistently revealed where even the most established industry giants stumble: enterprise security
Key trends for risk-prone behavior in the workforce (Help Net Security) Businesses are ill prepared for the high-risk, high-growth mindset of the GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data
Compromised credentials haunt cloud app usage (Help Net Security) Netskope found that more than seven out of ten uploads from users with compromised accounts are to apps with a "poor" rating in the Netskope Cloud Confidence Index. Additionally, 21.6 percent of logins to the Salesforce app come from compromised accounts. Cloud app usage continues to grow across enterprise organizations; more than 25 percent of organizations use more than 1,000 apps
Here's Why You Need To Worry About Data Breaches (Vocativ) Every bit of seemingly meaningless stolen personal info is a step closer to your bank account
Top cyber words for 2015 (Augusta Chronicle) When I spoke at the International Conference on Cyber Security in New York in January, officials including Director of National Intelligence Jim Clapper and FBI Director James Comey spoke eloquently about "changing the calculus" of cyber attacks. Lisa Monaco, assistant to the president for homeland security and counterterrorism, was passionate about how serious the White House takes critical infrastructure protection
The Great Cannon, Heartbleed, and POODLE (Slate) How cybersecurity threats get names — and why they're important
Marketplace
Investors reluctant to put funds into hacked businesses, warns KPMG (Computing) Investors are reluctant to put their money into organisations that have been hacked, a study by KPMG has claimed, with the professional services firm warning that some boardrooms still fail to take cyber security seriously
Meet Tanium, The Secret Cybersecurity Weapon Of Target, Visa And Amazon (Forbes) A father-son duo came from out of nowhere with a more clever idea to protect networks from hackers — and now have a $1.75 billion startup with $160 million in the bank
The Investors Behind The Next Billion Dollar Startups (Forbes) While the aim of this latest Forbes list is to honor the founders of the next billion dollar tech startups and their teams, credit is also due to the investors backing them. Of the five firms listed below, nearly all have been venture capital stalwarts for decades, with just one exception (the six-year-old Andreessen Horowitz). But in every case, the value of brand and judgment, tested by market cycles and challenged economies, is apparent. And the firms' investments in not one but several of these high-growth companies demonstrate their consistent success
Hot IPOs: CyberArk Sets Up In Cup-With-Handle Base (Investor's Business Daily) Several promising new issues have set up in bases and might be poised for a significant advance. One is CyberArk Software (NASDAQ:CYBR), an Israeli maker of security software. The company is in a hot industry group that includes leaders such as Palo Alto Networks (NYSE:PANW) and Qualys (NASDAQ:QLYS). The group ranked No. 9 out of 197 groups in Wednesday's IBD
Courion Announces Strategic Equity Investment and Continued Sales Momentum (Realwire) Courion®, the market leading provider of intelligent identity governance and administration (IGA) solutions, today announced continued market momentum with a strategic equity investment from K1 Investment Management and key customer wins in the first quarter of 2015
Palo Alto Networks: We will be world's top security vendor (CRN) Next-generation firewall pioneer confident it can leapfrog Check Point and Cisco to become world's 'most important' information security player
Dropbox Launches Bounty Program on HackerOne (Threatpost) Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program
Lack of skilled infosec pros creates high-risk environments (Help Net Security) 82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business
Products, Services, and Solutions
Ionic Emerges From Stealth With Data Protection Platform (eWeek) Ionic Security's platform is designed to protect data with encryption that is easy to deploy and maintain. Officially exiting from stealth mode, Ionic Security is now publicly discussing its data protection platform — which has been in various stages of development for nearly four years. Ionic has raised $78.1 million in funding, with its most recent Series C round bringing in $40.1 million in January 2015
Early Warning and BioCatch Align to Help U.S. Financial Services Organizations Fight Fraud and Improve Digital Experience (BusinessWire) Behavioral analytics and threat detection come together with financial industry data sharing consortium
DBN-6300 Immediately Identifies Advanced Persistent Threats (Top Tech News) Machine learning and behavioral analysis enables DBN-6300 to immediately identify Advanced Persistent Threats — DBN-6300 "shines a light" on the database infrastructure to reveal Advanced Persistent Threats that typically operate in stealth mode over a protracted period of time
Comodo Announces Global Availability Of Latest Version Of Internet Security Software (IT Business Net) Comodo Internet Security 8.2 with patent-pending containment technology protects consumers from malware, viruses and zero-day attacks
Akamai Introduces Two New Managed Security Service Offerings to Kona Family of Cloud Security Solutions (PRNewswire) Combination of industry-leading technology and security expertise designed to better deflect modern web attacks
Reason Core Security 1.0.6.0 (PC Advisor) Reason Core Security is a tool for detecting, removing, and generally protecting you from malware, adware and similar unwanted programs
Pwnie Express Unveils Industry's First Internet of Everything Threat Detection System (Marketwired via Digital Journal) Pwnie Express today announced the next evolution of Pwn Pulse, the industry's first SaaS threat detection system designed to assess the Internet of Everything (including shadow IT and high-risk BYOx, vulnerable IoT devices, and purpose-built malicious hardware)
PhishMe Unveils New Security Solution for Enhanced Visibility into Targeted Phishing Attacks (Virtual Strategy Magazine) Leading anti-phishing provider launches new product for security analysts and incident response teams to operationalize internal human intelligence
Resilient Systems arms security teams with automated incident responses (Network World) Action Module makes mitigation steps happen faster and with certainty
Trustonic and Mobeewave Partner to Provide Unprecedented Security Level in Mobile Payment (BusinessWire) Turning off-the-shelf mobile devices into secure contactless mPOS without the use of an add-on
EdgeWave Unveils Military-Grade Breach Identification Service (PRNewswire) EdgeWave EPIC Security Assurance Service enables organizations to identify and immediately respond to cyber attacks
Comparing the top threat intelligence services (TechTarget) Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another
The 7 safest apps to send private and secure messages (Business Insider) The Edward Snowden revelations made it clearer than ever that your online messages are not safe from snooping
Technologies, Techniques, and Standards
PCI Council Publishes Revision to PCI Data Security Standard (PCI Security Standards Council) PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow
Secrets are the enemy of a good security defense (InfoWorld) When you make a mistake, it's natural to want to keep the details quiet. But failing to recount the exact conditions that permitted a hack to occur only ensures a repeat
When you Can't Stop a Breach, you Should Still be Able to Spot it (InformationSecurityBuzz) Retailers have had an Annus Horribilis to quote Queen Elizabeth II. Target, Home Depot, Michael's, Dairy Queen, Sony — the list is endless. What is going wrong?
Inside AZ Labs, a facility 'certified at the highest level' of cybersecurity (Network World) In this unique rental office space, networks are protected with firewalls — and guards, and Faraday cages
Design and Innovation
Why Corporate Cybersecurity Teams Are Going Anonymous (Fast Company) Trustar, a new service, wants the world's top corporations to share hacker attack info with each other. Crazy or genius?
Research and Development
Onapsis Awarded Key Patent for Automated Cyber-Security Assessment of SAP Systems and Business-Critical Applications (WTRF) Enterprises gain assurance of rigorous methods to protect business-critical applications, processes and data from cyber-attacks
Academia
Student cyber team captures national title (Redstone Rocket) Grissom High group wins in Washington. It sounds like the plot out of a movie, or a headline on the nightly news
Legislation, Policy, and Regulation
Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says (New York Times) In February, a year after the Las Vegas Sands was hit by a devastating cyberattack that ruined many of the computers running its casino and hotel operations, the director of national intelligence, James R. Clapper Jr., publicly told Congress what seemed obvious: Iranian hackers were behind the attack
Australia Government "way out of touch": delegates to Hague cyber privacy conference (IT Wire) Delegates to a global Internet governance and digital privacy conference have questioned the Australian Government's legislation on cybersecurity, which they consider as extreme, flawed, and sacrificing human rights, according to a delegate, who is a member of the Internet Society of Australia
Why you have the right to obscurity (Christian Science Monitor Passcode) Federal Trade Commissioner Julie Brill says that obscurity means that personal information isn't readily available to just anyone. In our age of aggressive data collection, she says safeguarding obscurity should be a key component of consumer protections
NSA and FBI fight to retain spy powers as surveillance law nears expiration (Guardian) Debate reignites on Capitol Hill with Patriot Act section set to expire. Agency representatives secretly meet with members of Congress
Businesses argue against data breach bill change (The Hill) A coalition of business groups is urging House lawmakers not to drop an amendment to their data security bill that would require third-party vendors to inform affected consumers when they experience a breach
Pentagon to release cyber strategy next week (FCW) In his two months on the job, Defense Secretary Ashton Carter has made building out the Pentagon's capabilities in cyberspace a priority. That work will cross a threshold next week when the Pentagon releases a multi-year cyber strategy
Marine Corps building its first-ever cyber doctrine (Federal News Radio) The Marine Corps is drafting its first cyberspace doctrine, designed to help commanders build cyber operations into their battle plans, better defend their own networks and help integrate cyber with the more mature field of electronic warfare
Litigation, Investigation, and Law Enforcement
Interpol announces successful takedown of "Simda" botnet (Naked Security) Interpol just announced another co-ordinated botnet takedown, hot on the heels of Europol's action against the BeeBone malware
Google Disputes EU Antitrust Charges (InformationWeek) Google insisted that its conduct has been lawful and beneficial to the market
Health Plan Lawsuits and Data Breach Claims: Recent Developments and Implications (JDSupra) Five class action lawsuits have been filed against Premera Blue Cross in federal court in Seattle, Washington following the recent report of a data breach that affected approximately 11 million individuals. The lawsuits make similar allegations that Premera failed to protect sensitive information from attack. One lawsuit alleged a violation of the Health Insurance Portability Accountability Act ("HIPAA")
Netizen Report: Will Tech Companies Cave to the Kremlin's Data Demands? (Slate) Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week's report begins in Russia, where state media outlet RBC reported last week that U.S. companies including eBay and Google had begun storing Russian user data on servers located in Russian territory
Attorney claims cops planted spying malware on drive containing evidence (Help Net Security) Police force using malware in investigation is not an unheard-of situation but, according to an affidavit filed in a whistle-blower case against the Fort Smith Police Department (Arkansas), the department tried to use backdoors and keyloggers to spy on a lawyer that represents three police officers that work or worked for the department
Toxin-buying teen finds police waiting for him on the dark web (Naked Security) Many people use the internet to shop online and take advantage of low pricing, a huge amount of choice and greater convenience