Kryptowire finds backdoor in phones--they report back to China. Not a shocker, but interesting--espionage services use social media in tradecraft. Retefe Trojan implicated in Tesco fraud? Industry and legal notes.
Kryptowire has discovered a significant vulnerability that affects Android phones, especially prepaid or disposable phones. Not a bug, it's allegedly a deliberately installed backdoor in software provided by Shanghai Adups Technology Company, which says its product is in some 700 million devices. Kryptowire says that Adups reports all texts to an address in China every seventy hours. Whether this is data mining for commercial marketing or state-directed espionage remains unclear.
State espionage services are reported by Motherboard to be making foreseeable use of various social media platforms for traditional ends of infiltration, compromise, and recruitment.
US Army Cyber Command reports that some of its personnel have been receiving phishing emails carrying Locky ransomware payloads.
Verint has seen a new variant of SpamTorte, an advanced, multilayered spambot, circulating in the wild.
ESET says the Retefe Trojan was involved in Tesco bank fraud. Retefe, usually spread via malicious email, configures a proxy server for man-in-the-middle access to traffic between customers and their online account. It also installs a bogus root certificate to fend off warnings of interaction with a spoofed site, and it has a mobile component that intercepts passcodes to subvert two-factor authentication. ESET believes other banks are being actively targeted with Retefe.
Security vendors have begun their holiday season warnings and advice for online shoppers.
In industry news, Nehemiah Software acquires Siege Technologies, specialists in forecasting attacker capabilities.
A UK court approves Lauri Love's extradition to the US.
If Ash Carter has his druthers, Ed Snowden gets no pardon.
Today's issue includes events affecting Argentina, Brazil, China, Germany, Iraq, Netherlands, Russia, Spain, Syria, Ukraine, and United States.
A note to our readers: we've spent the morning at the Chesapeake Regional Tech Council's Commercial Cyber Forum on insider threats. We'll have a full report later this week.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Terbium Labs, as Emily Wilson discusses Terbium's recent report on the dark web. We'll also hear from Ping Identity's Pamela Dingle, who will describe the Digital Transformation Journey. (If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say (New York Times) For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours
The election is over but spammers aren't conceding (Christian Science Monitor Passcode) During the presidential campaign, experts spotted an explosion in malicious email spam attempting to trick recipients into downloading harmful files or revealing personal data. And the spammers aren't going away
Trump Protesters Falsely Accused of Anti-Chinese Racism in Viral Weibo Story (Motherboard) The popular Chinese microblogging site Weibo sent a push notification to countless smartphones in China on Monday, advertising a post that claimed that anti-Trump demonstrators in the United States were responsible for a surge of hatred against Chinese-Americans
Spies Use Tinder, and It's as Creepy as You'd Think (Motherboard) On September 4, a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by Army Captain Willian Pina Botelho—via Tinder
Someone tried to infect Army Cyber Command with ransomware (CyberScoop) Phishing emails that were sent last week as part of an extensive ransomware campaign designed to target government employees and contractors were also found in the inboxes of Army Cyber Command employees, a spokesperson told CyberScoop
IoT devices in the enterprise (Zscaler Blogs) A look at the enterprise IoT device footprint and IoT traffic analysis
Medical devices pose weak link in preventing cyber attacks (Health Data Management) For many users of Johnson & Johnson’s OneTouch Ping insulin pump, the benefit of ease of use has been outweighed by the fear of hacking
The US grids have been cyber attacked – industry response and information sharing has failed (Control Global Unfettered Blog) According to “official” sources, the US electric grid has never been cyber attacked. However, that is not true. There have been several cases where nation-states and others (not identified) have cyber attacked the US electric grid
New versions of SpamTorte discovered (SC Magazine) Verint details discovery of SpamTorte 2.0, an advanced multi-layered spambot campaign which it said is "back with a vengeance"
Experts question Microsoft's Windows zero-day response (TechTarget) A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability
Tesco Bank Attack Linked to Trojan Targeting Other UK Lenders (Infosecurity Magazine) Security experts have linked the recent attack which cost Tesco Bank £2.5 million to the Retefe trojan and warned that countless other banks are also at risk around the world
Tesco Bank cyber attack could have been avoided, say experts (Bob's Guide) Internet security experts are now claiming that Tesco Bank missed or ignored warning signs that cyber hackers were present in the software many months before cash was actually stolen, forcing the supermarket to pay back £2.5m ($3.1m) of losses to 9,000 customers
78,000 military email accounts found in adult website hack (Washington Examiner) Tens of thousands of government and military-issued email addresses were among those stolen from a conglomeration of adult hookup and pornography sites last month, according to an analysis of the breach issued Monday by LeakedSource.com
KnowBe4 Warns Employees Against “AdultFriendFinder” Scams (BusinessWire) Company warns of expected scams resulting from the 339 million adult accounts pilfered from the sex community, including fifteen million “deleted accounts”
Critical Linux bug opens systems to compromise (Help Net Security) Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on affected Linux systems
Spotify desktop app bug writes data in massive proportions on a daily basis (HackRead) Your desktop’s hard drive might be in danger of losing a few years of its lifespan if you are an avid user of Spotify’s desktop app for accessing tuneage or satisfying your music cravings
This malware attack starts with a fake customer-service call (Help Net Security) The hackers call hotels, then send email attachments that look like customer information
Wi-Fi shadows cast by your fingers could leak your password (Naked Security) Researchers in a team from Shanghai, Boston and Tampa recently published a temptingly titled paper about password stealing
FBI says FIFA Ultimate Team console game hackers stole millions in virtual currency (Hot for Security) Modern-day criminals don’t need to steal from your wallet or even your online bank account to make themselves millions of dollars. They can also target video games, an increasing number of which have their own virtual in-game currency that can be used to buy or sell items attractive to players
Microsoft investigating UPenn racist cyberbullying incident (CNBC) GroupMe, the Microsoft-owned messaging app that was used for a racist cyberbullying attack last week at the University of Pennsylvania, said it removed the messages instantly and is investigating the case
Security Patches, Mitigations, and Software Updates
CVE-2016-7461: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability (SANS Internet Storm Center) VMware today published advisory VMSA-2016-0019, affecting VMware Workstation Pro / Player and VMware Fusion Pro / Fusion. The issue is located in the drag and drop feature, which is affected by an out-of-bounds memory access vulnerability
Patch Tuesday overhaul: Microsoft to replace security bulletin index with database-driven portal (ZDNet) Over the past year, IT admins and security professionals have had to deal with massive changes in the way Microsoft delivers updates. Beginning in 2017, they'll have to adjust to a new format for security bulletins as well
Despite privacy concerns, Microsoft calls Windows 10 'the most secure version of Windows' (Tech Republic) Microsoft recently penned a blog post explaining some of the security updates in the Windows 10 Anniversary Edition, especially dealing with protecting against ransomware
Twitter (finally) updates its abuse policy: easier troll reporting, more granular mutes (TechCrunch) In the wake of the U.S. Election, as Facebook and Google come under fire for the dissemination of fake “news” in their News Feed and search results, Twitter is tackling another area that’s been a flashpoint issue not only recently, but for years: the social media platform today is unveiling some major updates to its safety policy, aimed at helping users weed out abusive Twitter accounts and Tweets
Facebook, Google ban fake news sources from their ad networks (Help Net Security) Despite Mark Zuckerberg’s dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads
Preparing for the holiday shopping season? Cybercriminals are getting ready as well (Help Net Security) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday
The Black Friday Heist: Financial Phishing Increases During the Holiday Season (BusinessWire) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday
The key to combating cyber insecurity: changing behavior, training the workforce (Miami Herald) Cyber threats facing the United States and the world are growing at an alarming rate and are expected to continue to grow well into the 21st century
As Cybercrime Rises, So Does Spending On Cyber Security (Globe Newswire) The world is becoming increasingly connected through networks and data in an ecosystem governed by digital technologies, which have created immense opportunities for individuals, businesses and organizations
Nehemiah Security Announces Acquisition of Siege Technologies (Nehemiah Security) Expands portfolio with predictive performance solutions to model, map, quantify and forecast attacker capabilities
Why new-look McAfee is making security vendors nervous (ARN) Security vendor targets Symantec, IBM, Trend Micro, Carbon Black, Sophos, Cylance, Crowdstrike, SentinelOne and co
Things You Should Know Before You Buy Raytheon (Seeking Alpha) Investors might not necessarily buy Raytheon (Forcepoint) as a short-term value play. Unlike the recent SA article that explained the upsides for Forcepoint, this piece raises critical points that were left out of the bullish case. What are the issues that need to be resolved before investors make the bet on RCP (Raytheon cyber products)?
FireEye: Dominating The Cloud Security Market (Seeking Alpha) FireEye is transitioning into a cloud-based business model. It is still underperforming in market share growth compared to competitors. Will the proliferation of IoT be sufficient to achieve and maintain profitability?
TalkTalk profits soar as telecoms giant continues cyber attack recovery (City A.M.) TalkTalk’s earnings soared in the six months to September, despite total revenue falling 1.1 per cent
WISeKey creates a Joint Venture company “WISeKey Argentina” for the development of cybersecurity in Latin America. (Yahoo!) WISeKey International Holding (WIHN, a company listed on the Swiss stock exchange) through WISeKey ELA (its Spanish company headquartered in Bilbao), AC Investment & Consultant S.A. and Trend Technologies S.A. reached an agreement to form a Joint Venture for the creation of a new company WISeKey Argentina, with the objective of extending WISeKey’s global presence in Argentina
RiskVision Announces Key Executive Appointments to Capture Global Surge in Risk Intelligence Market Growth (Marketwired) Appoints former Cisco and Symphony Teleca executives Leo Hecke and Keith Higgins to scale customer and partner ecosystem and accelerate demand for respected brand
PacketSled Response to Matt Harrigan Comments (PacketSled) PacketSled takes recent comments made by our CEO seriously. Once we were made aware of these comments, we immediately reported this information to the Secret Service and will cooperate fully with any inquiries. These comments do not reflect the views or opinions of PacketSled, its employees, investors or partners. Our CEO has been placed on administrative leave
Products, Services, and Solutions
Secure your identity and your device in one app with expanded protection from Lookout Personal (Lookout Blog) Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data
Device Authority and InVMA develop secure IoT solution for GCE Group portable connected medical device (Device Authority) Device Authority, a global leader in policy and device-driven security for the Internet of Things (IoT) and Gartner Cool Vendor 2016, has today announced it is working alongside strategic partner and systems integrator InVMA to deliver an innovative connected health solution for GCE Group
Dashlane Debuts New Password Management Features For Businesses (PRNewswire) SAML support, exclusive Smart Space Management™ make Dashlane easiest enterprise solution to implement
Thomson Reuters, Pillsbury, FireEye Align For Cybersecurity Compliance Program (Dark Reading) Thomson Reuters, Pillsbury and FireEye have teamed up to help businesses meet new regulations and manage cybersecurity-related risk
WISeKey to keep smart public lighting secure (Smart Cities World) The partnership aims to provide IoT devices with a layer of security that will make them more robust and secure
Swan Island Networks Announces TX360 Platform Innovations for Enterprise Security, Intelligence, and Business Continuity (IT Business Net) Swan Island Networks, a leading provider of cloud-based situational intelligence software and services, today announced the availability of the newly upgraded TX360 platform
LookingGlass Cyber Solutions Honored with CRN® 2016 Tech Innovator Award (BusinessWire) ScoutPrime takes top honors in the 2016 Editor’s Choice Category
Akana Named a Leader in API Management Solutions Report by Independent Research Firm (Benzinga) Akana, a leading provider of API Management, API Security, API Analytics and Microservices solutions for Digital Businesses, announced today that it has been named a Leader by Forrester Research, Inc. in its new report, "The Forrester Wave™: API Management Solutions, Q4 2016"
Five9 and Verint Announce Global Partnership, Extending Availability of Cloud Workforce Optimization and Analytics Solutions (BusinessWire) Partnership further expands availability of award-winning contact center and WFO solutions to organizations of all sizes
Ant Financial contracts with V-Key to secure mobile payments (Finextra) V-Key, a global leader in digital security, and Ant Financial Services Group, the leading global tech company that provides online and mobile financial solutions, have entered into a collaboration
GlobalSign Integrates High-Assurance Digital Certificate Issuance Services with Microsoft Azure Key Vault (MarketWatch) Users are able to issue high volumes of SSL/TLS certificates directly through the Key Vault service
Spirent Responds to Carrier Demands for Actionable Intelligence (BusinessWire) Spirent VisionWorks, the first solution to provide the active visibility carriers need to detect, isolate and troubleshoot service issues across the network
In Logs We Trust™: Announcing the Launch of the Waterfall BlackBox™ (PRNewswire) Restoring trust in network information for cyber-attack response teams and forensics
Technologies, Techniques, and Standards
CrySis Ransomware Master Decryption Keys Released (CyberParse) The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public
Dear Mirai, how thou shall plan for thee (CSO) This is only the beginning for these larger attacks, so start preparing now
How Special Operators Trained for Information Warfare Before the Mosul Fight (Defense One) At a two-day exercise in April, U.S. troops practiced waging warfare on an invisible yet vital battlefield
What is a Security Operations Center (SOC)? (Digital Guardian) Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection
8 Ways Businesses Can Better Secure Their Remote Workers (Dark Reading) Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe
3 Effective Ways to Monitor and Reduce Click Fraud (Huffington Post) If you use pay-per-click ads to promote your website to be picked up on a search engine, there’s one major thing you need to know: protect yourself from click fraud
Network security in the new service provider reality (Security Asia) We are standing at the cusp of a new digital era
Weave a web of deception to secure data (Help Net Security) Today’s technically superior and incredibly well-funded (often state-funded, in fact) hackers are not impressed with breach prevention and traditional security solutions
How automated investigation can accelerate threat detection (CSO) Cyber security analysts are overwhelmed with the pressure of keeping their companies safe
Legislation, Policy, and Regulation
In The Lame Duck, How Congress Makes Cybersecurity A Non-Partisan Priority (Forbes) With a lame duck session of Congress looming, federal lawmakers are scrambling to push key legislative items through last-minute. One key area of concern is cybersecurity
Litigation, Investigation, and Law Enforcement
UK approves extradition of British hacker to the US (CSO) The US has accused Lauri Love of hacking government computers
Pentagon chief tells techies he does not condone Snowden's actions (The Hill) Defense Secretary Ash Carter told tech entrepreneurs on Monday that he does not condone the actions of ex-National Security Agency contractor Edward Snowden, showing little appetite for a pardon before President-elect Donald Trump takes office
Police Raid IS Suspects Across Germany (Radio Free Europe/Radio Liberty) German authorities have launched simultaneous raids on mosques, apartments, and offices in 10 states against suspected supporters of the Islamic State (IS) group
A US Judge May Sentence Wannabe Terrorists to ‘Deradicalization’ (Wired) Over three days starting Monday, Judge Michael J. Davis of the federal District of Minnesota will sentence nine men convicted of aiding the so-called Islamic State, better known in the West as ISIS
CIA, NSA ordered to reveal to judge whether they were involved in Occupy Philly surveillance (Philadelphia Inquirer) A federal judge has ordered the CIA and the National Security Agency to disclose to him whether they were involved in spying on Occupy Philadelphia protesters during their monthlong demonstration at what is now Dilworth Park five years ago
Navy denies it pirated 558K copies of software, says contractor consented (Ars Technica) Military admits widespread install, but says its 38 licenses were not "limited"
Florida man charged in JPMorgan hacking probe (Naked Security) A Florida man is the ninth person to face charges related to the hefty data breach that JPMorgan disclosed in 2014
Dutch hacker found guilty of 2013 cyber attack but won’t be jailed (Dutch News) The Dutchman accused of launching a massive cyber attack on a spam blacklist publisher in 2013 has been sentenced to 240 days in jail, 185 suspended, in absentia
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Versus16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with fewer than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from leading experts, including MITRE's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) The Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event in Prague (all expenses covered by Kaspersky Lab) to present their projects and compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world, with the potential to redefine how businesses operate, much as the internet did more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise, from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with email@example.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security incidents, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in the Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs, Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, who is currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world: Asia, Europe, Australia & North America. These summits are essential two-day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital Forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ exhibitor exhibition.