Kryptowire finds backdoor in phones--they report back to China. Not a shocker, but interesting--espionage services use social media in tradecraft. Retefe Trojan implicated in Tesco fraud? Industry and legal notes.

Cyber Attacks, Threats, and Vulnerabilities

Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say (New York Times) For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours

The election is over but spammers aren't conceding (Christian Science Monitor Passcode) During the presidential campaign, experts spotted an explosion in malicious email spam attempting to trick recipients into downloading harmful files or revealing personal data. And the spammers aren't going away

Trump Protesters Falsely Accused of Anti-Chinese Racism in Viral Weibo Story (Motherboard) The popular Chinese microblogging site Weibo sent a push notification to countless smartphones in China on Monday, advertising a post that claimed that anti-Trump demonstrators in the United States were responsible for a surge of hatred against Chinese-Americans

Spies Use Tinder, and It's as Creepy as You'd Think (Motherboard) On September 4, a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by an Army Captain Willian Pina Botelho—via Tinder

Someone tried to infect Army Cyber Command with ransomware (CyberScoop) Phishing emails that were sent last week as part of an extensive ransomware campaign designed to target government employees and contractors were also found in the inboxes of Army Cyber Command employees, a spokesperson told CyberScoop

IoT devices in the enterprise (Zscaler Blogs) A look at the enterprise IoT device footprint and IoT traffic analysis

Medical devices pose weak link in preventing cyber attacks (Health Data Management) For many users of Johnson & Johnson’s OneTouch Ping insulin pump, the benefit of ease of use has been outweighed by the fear of hacking

The US grids have been cyber attacked –industry response and information sharing has failed (Control Global Unfettered Blog) According to “official” sources, the US electric grid has never been cyber attacked. However, that is not true. There have been several cases where nation-states and others (not identified) have cyber attacked the US electric grid

New versions of SpamTorte discovered (SC Magazine) Verint details discovery of SpamTorte 2.0, an Advanced multi-layered spambot campaign which they said is "back with a vengeance"

Experts question Microsoft's Windows zero-day response (TechTarget) A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability

Tesco Bank Attack Linked to Trojan Targeting Other UK Lenders (Infosecurity Magazine) Security experts have linked the recent attack which cost Tesco Bank £2.5 million to the Retefe trojan and warned that countless other banks are also at risk around the world

Tesco Bank cyber attack could have been avoided, say experts (Bob's Guide) Internet security experts are now claiming that Tesco Bank missed or ignored warning signs that cyber hackers were present in the software many months before cash was actually stolen, forcing the supermarket to pay back £2.5m ($3.1m) of losses to 9,000 customers

78,000 military email accounts found in adult website hack (Washington Examiner) Tens of thousands of government and military-issued email addresses were among those stolen from a conglomeration of adult hookup and pornography sites last month, according to an analysis of the breach issued Monday by LeakedSource.com

KnowBe4 Warns Employees Against “AdultFriendFinder” Scams (BusinessWire) Company warns of expected scams resulting from the 339 million adult accounts pilfered from sex community including fifteen million “deleted accounts”

Critical Linux bug opens systems to compromise (Help Net Security) Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on affected Linux systems

Spotify desktop app bug writes data in massive proportions on a daily basis (HackRead) Our desktop’s hard drive might be in danger of losing a few years of its lifespan if you are an avid user of Spotify’s desktop app for accessing tuneage or satisfying your music cravings

This malware attack starts with a fake customer-service call (Help Net Security) The hackers call hotels, then send email attachments that look like customer information

Wi-Fi shadows cast by your fingers could leak your password (Naked Security) Researchers in a team from Shanghai, Boston and Tampa recently published an temptingly titled paper about password stealing

FBI says FIFA Ultimate Team console game hackers stole millions in virtual currency (Hot for Security) Modern-day criminals don’t need to steal from your wallet or even your online bank account to make themselves millions of dollars. They can also target video games, an increasing number of which have their own virtual in-game currency that can be used to buy or sell items attractive to players

Microsoft investigating UPenn racist cyberbullying incident (CNBC) GroupMe, the Microsoft-owned messaging app that was used for a racist cyberbullying attack last week at the University of Pennsylvania, said it removed the messages instantly and is investigating the case

Security Patches, Mitigations, and Software Updates

CVE-2016-7461: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability (SANS Internet Storm Center) VMWare published today advisory VMSA-2016-0019 affecting products VMware Workstation Pro / Player and VMware Fusion Pro / Fusion. The issue is located in the drag and drop feature, which is affected by an out-of-bounds memory access vulnerability

Patch Tuesday overhaul: Microsoft to replace security bulletin index with database-driven portal (ZDNet) Over the past year, IT admins and security professionals have had to deal with massive changes in the way Microsoft delivers updates. Beginning in 2017, they'll have to adjust to a new format for security bulletins as well

Despite privacy concerns, Microsoft calls Windows 10 'the most secure version of Windows' (Tech Republic) Microsoft recently penned a blog post explaining some of the security updates in the Windows 10 Anniversary Edition, especially dealing with protecting against ransomware

Twitter (finally) updates its abuse policy: easier troll reporting, more granular mutes (TechCrunch) In the wake of the U.S. Election, as Facebook and Google come under fire for the dissemination of fake “news” in their News Feed and search results, Twitter is tackling another area that’s been a flashpoint issue not only recently, but for years: the social media platform today is unveiling some major updates to its safety policy, aimed at helping users weed out abusive Twitter accounts and Tweets

Facebook, Google ban fake news sources from their ad networks (Help Net Security) Despite Mark Zuckerberg’s dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads

Cyber Trends

Preparing for the holiday shopping season? Cybercriminals are getting ready as well (Help Net Security) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday

The Black Friday Heist: Financial Phishing Increases During the Holiday Season (BusinessWire) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday

The key to combating cyber insecurity: changing behavior, training the workforce (Miami Herald) Cyber threats facing the United States and the world are growing at an alarming rate and are expected to continue to grow well into the 21st century

Marketplace

As Cybercrime Rises, So Does Spending On Cyber Security (Globe Newswire) The world is becoming increasingly connected through networks and data in an ecosystem governed by digital technologies which have created immense opportunities for individuals, businesses and organization

Nehemiah Security Announces Acquisition of Siege Technologies (Nehemiah Security) Expands portfolio with predictive performance solutions to model, map, quantify and forecast attacker capabilities

​Why new-look McAfee is making security vendors nervous (ARN) Security vendor targets Symantec, IBM, Trend Micro, Carbon Black, Sophos, Cylance, Crowdstrike, SentinelOne and co

Things You Should Know Before You Buy Raytheon (Seeking Alpha) Investors might not necessarily buy Raytheon(Forcepoint) as a short-term value play. As against the recent SA article that explained the upsides for Forcepoint, critical points were left out of the argument while making the bullish case. What are the issues that need to be resolved before investors make the bet on RCP (Raytheon cyber products)?

FireEye: Dominating The Cloud Security Market (Seeking Alpha) FireEye is transitioning into a cloud-based business model. It is still underperforming in market share growth compared to competitors. Will the proliferation of IoT be sufficient to achieve and maintain profitability?

TalkTalk profits soar as telecoms giant continues cyber attack recovery (City A.M.) TalkTalk’s earnings soared in the six months to September, despite total revenue falling 1.1 per cent

WISeKey creates a Joint Venture company “WISeKey Argentina” for the development of cybersecurity in Latin America. (Yahoo!) WISeKey International Holding (WIHN, a company listed on the Swiss stock exchange) through WISeKey ELA (its Spanish company headquartered in Bilbao), AC Investment & Consultant S.A. and Trend Technologies S.A. reached an agreement to form a Joint Venture for the creation of a new company WISeKey Argentina, with the objective of extending WISeKey’s global presence in Argentina

RiskVision Announces Key Executive Appointments to Capture Global Surge in Risk Intelligence Market Growth (Marketwired) Appoints former Cisco and Symphony Teleca executives Leo Hecke and Keith Higgins to scale customer and partner ecosystem and accelerate demand for respected brand

PacketSled Response to Matt Harrigan Comments (PacketSled) PacketSled takes recent comments made by our CEO, seriously. Once we were made aware of these comments, we immediately reported this information to the secret service and will cooperate fully with any inquiries. These comments do not reflect the views or opinions of PacketSled, its employees, investors or partners. Our CEO has been placed on administrative leave

Products, Services, and Solutions

Secure your identity and your device in one app with expanded protection from Lookout Personal (Lookout Blog) Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data

Device Authority and InVMA develops secure IoT solution for GCE Group portable connected medical device (Device Authority) Device Authority, a global leader in policy and device-driven security for the Internet of Things (IoT) and Gartner Cool Vendor 2016, has today announced it is working alongside strategic partner and systems integrator InVMA to deliver an innovative connected health solution for GCE Group

Dashlane Debuts New Password Management Features For Businesses (PRNewswire) SAML support, exclusive Smart Space Management™ make Dashlane easiest enterprise solution to implement

Thomson Reuters, Pillsbury, FireEye Align For Cybersecurity Compliance Program (Dark Reading) Thomson Reuters, Pillsbury and FireEye have teamed up to help businesses meet new regulations and manage cybersecurity-related risk

WISeKey to keep smart public lighting secure (Smart Cities World) The partnership aims to provide IoT devices with a layer of security that will make them more robust and secure

Swan Island Networks Announces TX360 Platform Innovations for Enterprise Security, Intelligence, and Business Continuity (IT Business Net) Swan Island Networks, a leading provider of cloud-based situational intelligence software and services, today announced the availability of the newly upgraded TX360 platform

LookingGlass Cyber Solutions Honored with CRN® 2016 Tech Innovator Award (BusinessWire) ScoutPrime takes top honors in the 2016 Editor’s Choice Category

Akana Named a Leader in API Management Solutions Report by Independent Research Firm (Benzinga) Akana, a leading provider of API Management, API Security, API Analytics and Microservices solutions for Digital Businesses, announced today that it has been named a Leader by Forrester Research, Inc. in its new report, "The Forrester Wave™: API Management Solutions, Q4 2016"

Five9 and Verint Announce Global Partnership, Extending Availability of Cloud Workforce Optimization and Analytics Solutions (BusinessWire) Partnership further expands availability of award-winning contact center and WFO solutions to organizations of all sizes

Ant Financial contracts with V-Key to secure mobile payments (Finextra) V-Key, a global leader in digital security, and Ant Financial Services Group, the leading global tech company that provides online and mobile financial solutions, have entered into a collaboration

GlobalSign Integrates High-Assurance Digital Certificate Issuance Services with Microsoft Azure Key Vault (MarketWatch) Users are able to issue high volumes of SSL/TLS certificates directly through the Key Vault service

Spirent Responds to Carrier Demands for Actionable Intelligence (BusinessWire) Spirent VisionWorks, the first solution to provide the active visibility carriers need to detect, isolate and troubleshoot service issues across the network

In Logs We Trust™: Announcing the Launch of the Waterfall BlackBox™ (PRNewswire) Restoring trust in network information for cyber-attack response teams and forensics

Technologies, Techniques, and Standards

CrySis Ransomware Master Decryption Keys Released (CyberParse) The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public

Dear Mirai, how thou shall plan for thee (CSO) This is only the beginning for these larger attacks, so start preparing now

How Special Operators Trained for Information Warfare Before the Mosul Fight (Defense One) At a two-day exercise in April, U.S. troops practiced waging warfare on an invisible yet vital battlefield

What is a Security Operations Center (SOC)? (Digital Guardian) Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection

8 Ways Businesses Can Better Secure Their Remote Workers (Dark Reading) Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe

3 Effective Ways to Monitor and Reduce Click Fraud (Huffington Post) If you use pay-per-click ads to promote your website to be picked up on a search engine, there’s one major thing you need to know: protect yourself from click fraud

Network security in the new service provider reality (Security Asia) We are standing at the cusp of a new digital era

Weave a web of deception to secure data (Help Net Security) Today’s technically superior and incredibly well-funded (often state-funded, in fact) hackers are not impressed with breach prevention and traditional security solutions

How automated investigation can accelerate threat detection (CSO) Cyber‫ security analysts are overwhelmed with the pressure of keeping their companies safe

Legislation, Policy, and Regulation

In The Lame Duck, How Congress Makes Cybersecurity A Non-Partisan Priority (Forbes) With a lame duck session of Congress looming, federal lawmakers are scrambling to push key legislative items through last-minute. One key area of concern is cybersecurity

Litigation, Investigation, and Law Enforcement

UK approves extradition of British hacker to the US (CSO) The US has accused Lauri Love of hacking government computers

Pentagon chief tells techies he does not condone Snowden's actions (The Hill) Defense Secretary Ash Carter told tech entrepreneurs on Monday that he does not condone the actions of ex-National Security Agency contractor Edward Snowden, showing little appetite for a pardon before President-elect Donald Trump takes office

Police Raid IS Suspects Across Germany (Radio Free Europe/Radio Liberty) German authorities have launched simultaneous raids on mosques, apartments, and offices in 10 states against suspected supporters of the Islamic State (IS) group

A US Judge May Sentence Wannabe Terrorists to ‘Deradicalization’ (Wired) Over three days starting Monday, Judge Michael J. Davis of the federal District of Minnesota will sentence nine men convicted of aiding the so-called Islamic State, better known in the West as ISIS

CIA, NSA ordered to reveal to judge whether they were involved in Occupy Philly surveillance (Philadelphia Inquirer) A federal judge has ordered the CIA and the National Security Agency to disclose to him whether they were involved in spying on Occupy Philadelphia protesters during their monthlong demonstration at what is now Dilworth Park five years ago

Navy denies it pirated 558K copies of software, says contractor consented (Ars Technica) Military admits widespread install, but says its 38 licenses were not "limited"

Florida man charged in JPMorgan hacking probe (Naked Security) A Florida man is the ninth person to face charges related to the hefty data breach that JPMorgan disclosed in 2014

Dutch hacker found guilty of 2013 cyber attack but won’t be jailed (Dutch News) The Dutchman accused of launching a massive cyber attack on a spam blacklist publisher in 2013 has been sentenced to 240 days in jail, 185 suspended, in absentia

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Versus16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.

Upcoming Events

Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.

Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.

CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.