Cyber Attacks, Threats, and Vulnerabilities
Japan's critical infrastructure under 'escalating' cyber attack, says report (ZDNet) Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm
New Security Research from Cylance SPEAR™ Team Uncovers Multi-Year, Multi-Attack Campaign Targeting Japanese Critical Infrastructure (Cylance) “Operation Dust Storm” reveals increasingly sophisticated, targeted and successful cyber-attacks against Japanese electric utility, oil and gas, finance, transportation and construction companies
Operation Dust Storm (Cylance ) Cylance SPEAR has uncovered a long-standing persistent threat targeting numerous major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries
Collaborative Operation Blockbuster aims to send Lazarus back to the dead (Symantec Security Response) A cross-industry initiative aims to tackle a disruptive attack group called Lazarus. Attacks linked with the threat actor targeted the US and South Korea, and some involved destructive malware
Operation Blockbuster (Novetta) In Operation Blockbuster, a Novetta-led coalition of private industry partners joined together to identify, understand, expose, and aid industry in degrading the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including the November 2014 Sony Pictures attack. Our story demonstrates private industry’s new role in ensuring the balance of global cyber defense
Sony Hackers Behind Previous Cyberattacks Tied To North Korea (Dark Reading) 'Lazarus Group' cyber espionage group has been operating in major attack campaigns since at least 2009, according to new investigation, bolstering the FBI conclusion that North Korea was behind the epic Sony breach
The Sony Hackers Were Causing Mayhem Years Before They Hit the Company (Wired) The hackers who crippled Sony in 2014 weren’t striking for the first time
Mobile banking Trojan bypasses Google Play security (Help Net Security) The Acecard malware is capable of attacking users of nearly 50 different online financial applications and services and is able to bypass Google Play store security measures, according to Kaspersky Lab
Got an ASUS router at home? Read this. (FTC Consumer Information) Many of us don’t think twice about our home wireless router after setting it up
A positive step for insecure home routers (CSO) It is gratifying to see one's passion result in a positive change that could benefit many people
uKnowKids Goes on Attack After Database of 1,700 Kids Found Insecure (Threatpost) Child safety firm uKnowKids is blasting a security researcher who discovered the company exposed 1,700 identities of the children they were supposed to be protecting
Sensitive child profiles, private messages exposed online (Help Net Security) Security researcher Chris Vickery has discovered another database containing sensitive user data exposed online (i.e. accessible via Internet). Leveraging Shodan, he unearthed a database compiled and used by US-based uKnowKids, a company that helps parents monitor what their kids do online and on the mobile phone
Researcher tells child tracking firm it has left its database wide open, and is accused of 'hacking' (Graham Cluley) The CEO of a child tracking company has accused a security researcher of hacking the firm after the researcher reported on a database error that exposed thousands of customers' children's personal information
ESET surveys reveal ages of unsupervised children surfing the web (SC Magazine) British parents allow their children to surf the web unsupervised years prior to the children gaining their trust to be given their own set of house keys
CTB-Locker for Websites: Reinventing an old Ransomware (Bleeping Computer) CTB-Locker, otherwise known as Critroni, is a Windows ransomware that saw wide distribution in the summer of 2014 and slowly decreased in distribution
Ransomware attacks emerge from the shadows (Business Insurance) More “ransomware” attacks can be expected along the lines of the incident reported last week, when a Los Angeles hospital agreed to pay the equivalent of $17,000 in bitcoins to regain control of its computer systems
Los Angeles Hospital Hack Raises Concerns About Ransom Attacks (NPR) NPR's Audie Cornish talks to Adam Kujawa, head of malware intelligence at the security firm Malwarebytes, about ransomware and what users and companies should do if they get hacked
PowerPoint and Custom Actions (PhishMe) We’ve recently observed a phishing attack which uses PowerPoint Custom Actions instead of macros to execute a malicious payload. Although using PowerPoint attachments is not new, these types of attacks are interesting as they generally bypass controls that assert on macro-enabled Office attachments
New Android Malware Discovered, But There’s a Possible Workaround (Neurogadget) A new Android malware has been discovered by a security team known as Heimdal Security. The malware, which is known as Mazar, is believed to be targeting Android users in Europe
Analyzis of a Malicious .lnk File with an Embedded Payload (Internet Storm Center) We received some feedback today from Nick, a SANS ISC reader who detected an interesting phishing campaign based on an ACE file
Phishing remains top attack vector for criminals, both novice and professional (CSO) Humans are still the softest of targets
Baidu web browsers leaked sensitive information, researchers say (IDG via CSO) Baidu has fixed some of the issues, but others remain
Hackers use Microsoft security tool to pwn Microsoft security tool (Register) EMET knocks out EMET. And the winner is ... nobody. Except Linux advocates
Using EMET to Disable EMET (FireEye) Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a project that adds security mitigations to user mode programs beyond those built in to the operating system. It runs inside “protected” programs as a Dynamic Link Library (DLL), and makes various changes in order to make exploitation more difficult
Akamai and the Glibc Vulnerability (CVE-2015-7547) (Akamai Blog) Akamai continues to investigate the Glibc vulnerability outlined in CVE-2015-7547 to see how its technology may be affected
Bugs in Outdated Mobile Software Leave Network Door Open to Hackers (Legaltech News) How unsecured devices’ outdated Java and Flash software may leave a firm at risk — and invite in some unwelcome guests
Webroot 2016 Threat Brief Explores Next-Generation Cyber Threat Landscape and Targeted Intrusion Trends (PRNewswire) Rise of polymorphic malware, significant increase in malicious IPs, and upsurge of PUAs demonstrate that traditional cybersecurity defenses are nearly useless
The problem with open source malware (Trend Micro: Simply Security) Open source code is often a great thing: The sharing of information online can enhance the collaborative nature of technology and improve the ways in which we communicate and work
The industrialization of cybercrime may be upon us (We Live Security) We are slowly seeing the “industrialization” of cybercrime, according to an expert
Killing the malware-as-a-service supply chain (ITWeb) Almost everything in IT seems to be becoming available as a cloud-based or "as-a-service" delivery model. We've seen software-as-a-service (SAAS), platform-as-a-service (PAAS) and even infrastructure-as-a-service (IAAS). And now cyber criminals are looking to imitate the marked scalability of the "as-a-service" model, with malware-as-a-service (MAAS)
Security Patches, Mitigations, and Software Updates
Enhanced Mitigation Experience Toolkit (Microsoft Security TechCenter) The Enhanced Mitigation Experience Toolkit (EMET) is designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities
Drupal 6 hits the end of the line (Naked Security) Today, Wednesday 24 February 2016, is the end of the line for Drupal 6
Cyber Trends
Did the Dark Web just get a whole lot bigger? (Naked Security) The term dark web refers to a largely secret and anonymous part of the internet where, in two words, anything goes
Some websites turning law-abiding Tor users into second-class citizens (Ars Technica) Tor users blocked or faced with CAPTCHA if IP address matches known exit node
Is threat intelligence being devalued by an information overload? (Computer Business Review) Analysis: The comfort blanket of data in threat intelligence is suffocating cyber security analysts
Perceptions and buying practices of infosec decision makers (Help Net Security) CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good
Physical security has many holes to be plugged (CSO) Delivering improved reliability through physical security represents the next frontier for continuous improvement
Firms Face £18 Million Bill for Mobile Data Breaches (Infosecurity Magazine) Over 60% of the world’s biggest organizations have had a data breach resulting from employees trying to access sensitive information via their mobile devices, potentially costing them over £18 million each, according to Lookout
Study: Rush to connect to Internet of Things could open security gaps (Chicago Tribune) The rush by companies eager to incorporate the Internet of Things in their operations could introduce potential cybersecurity threats, according to a study released Monday
Marketplace
Details matter when filing cyber business interruption claim (Business Insurance) Insurance buyers need to be able to clearly demonstrate the effect that a cyber incident has had on their business when making a business interruption claim, experts at a seminar in London Tuesday said
Cyber security startups face funding drought (Reuters) The U.S. cyber security industry, once one of the hottest targets for venture capitalists, is now grappling with a funding slump that has forced some startups to sell themselves or cut spending
Wynyard to raise $30M in deeply discounted rights offer (Scoop) Wynyard to raise $30M in deeply discounted rights offer; shares tumble 37%
Rumor: IBM gobbles Bruce Schneier, Resilient for $100m (Register) Security guru is CTO of biz believed to have been bought by Big Blue
BlackBerry doubles down on cyber security services with UK consultancy buy-out (Computer Business Review) BlackBerry has acquired UK-based cybersecurity consultancy Encription, which will form part of a new consulting practice it is launching to continue its pivot towards services
Thycotic acquires security company Arellia (PE Hub) Thycotic, a provider of privileged account management (PAM) solutions for more than 3,500 organizations worldwide, today announced it has completed the acquisition of Arellia, a provider of Windows endpoint security and application control software
Tenable Network Security expanding its reach into federal market (FedScoop) The Columbia, Maryland-based company's products are in use at DISA and part of Homeland Security's CDM program
Rising Cyber Firm Tenable Hires Former Maryland SWAT Leader (DCInno) Suffice it to say, Makrokanis' resume is astonishingly impressive
A Video Conversation with Bob Olsen, CEO and Founder of North Star Group and COMPASS Cyber Security - Part I (Baltimore City Biz List) Managing programs and developing solutions to safeguard sensitive data everywhere
Products, Services, and Solutions
Phantom Announces the First Purpose-Built, Community-Powered Security Automation & Orchestration Platform (BusinessWire) Innovation connects existing security products to help security operations accelerate investigation, response & recovery through automation & orchestration
Cyphort and DB Networks Partner to Provide Full Spectrum Visibility (BusinessWire) Cyphort, the next generation APT defense company, announced today that it has partnered with DB Networks, a leader in database cybersecurity
Centrify's identity security offering now available for Good platform (FierceMobileIT) Centrify Tuesday announced the use of its identity security smartcard tech to access processes for enterprises that use the Good Dynamics Secure Mobility Platform
AdaptiveMobile Launches NPP 6 - The World's First Converged Carrier Security Platform (Netherlands Corporate News) Mobile World Congress- AdaptiveMobile, the world leader in mobile network security, today announced the launch of its Network Protection Platform (NPP) 6, providing the most advanced, consistent protection against all current and emerging threats to Communication Service Provider (CSP) networks
New Duo Platform Now Identifies and Mitigates the Riskiest Corporate Vulnerabilities, Without Installing Agents (Sys-Con Media) New research reveals most organizations have no visibility into employee devices accessing their networks
MasterCard fine-tunes analytics to reduce false fraud alerts (FierceFinanceIT) MasterCard is launching a new suite of analytics aimed at reducing the number of unnecessary credit card declines while maintaining the same level of fraud prevention
Attacker View exposes hidden cyber attack paths (Help Net Security) Illusive networks launched illusive 3.0 with Attacker View, a technology that enables IT security professionals to view their corporate network from an attacker’s perspective
Huawei and Nexusguard team up with DDoS offering (IT Pro Portal) DDoS attacks are one of the most worrying threats that enterprises face
Technologies, Techniques, and Standards
Working towards a common set of IoT standards (Help Net Security) Major industry leaders who are invested in the future of the Internet of Things, announced they will unify as the Open Connectivity Foundation (OCF), an entity whose goal will be to help unify IoT standards so that companies and developers can create IoT solutions and devices that work seamlessly together
Are you prepared to respond to ransomware the right way? (CSO) You get the call you’ve been dreading. No, not a breach. The other call
Chasing Foxes by the Numbers: Patterns of Life and Activity in Hacker Forums (Recorded Future) “Pattern of life analysis” is an effective counterterrorism technique that can be applied to cyber threat intelligence. Using patterns to classify adversary behaviors rather than relying on distinct Internet handles, like “UglyGorilla” or “Hassan20,” cyber threat analysts are able to look across multiple handles, posts, forums, and social media sites to identify signals of malicious activity
6 Things to Consider Before Investing in Email Encryption Software (Legaltech News) Threats to digital data and strong vendor competition have led to a plethora of encryption options
The Sophisticated Hack: Business Email Compromise (JDSupra) Gone are the days of the overtly suspicious request from a Nigerian prince asking for your social security number or a friend needing a loan to get out of jail in a foreign country
Research and Development
DHS S&T Awards OTS Contract to Pulzze Systems for Internet of Things Security (Executive Biz) The Department of Homeland Security's science and technology directorate has awarded the first Innovation Other Transaction Solicitation contract, worth $200,000, to California-based small business Pulzze Systems to help secure the Internet of Things
Researchers create super-efficient Wi-Fi (Ars Technica) Passive Wi-Fi consumes 1/10,000th the power of conventional wireless networks
Academia
Public Vs. Private: Is A Prestigious Infosec College Degree Worth It? (Dark Reading) Today's graduates coming into the information security industry from private universities aren't ready for the workforce
New Jersey Institute of Technology receives $4 million grant for cybersecurity education (EurekAlert) NJIT, home to the largest computer science program among all research universities in the New York metropolitan area, continues to build a critical mass and increase its visibility as a top university for future leaders in the field of cybersecurity
Legislation, Policy, and Regulation
What You Need to Know About the New General Data Protection Regulation (GDPR) (JDSupra) The EU Parliament Committee on Civil Liberties, Justice, and Home Affairs (“LIBE”) finally released the text of the long anticipated new data protection law
Xi Jinping’s News Alert: Chinese Media Must Serve the Party (New York Times) The Chinese news media covered President Xi Jinping’s most recent public appearances with adulation befitting a demigod
Ensure Twitter isn't used to spread terrorism: Prasad (Business Standard) The minister cautions that the country is 'sitting in the midst of a mini-terrorist hub'
U.S. to Further Scour Social Media Use of Visa and Asylum Seekers (New York Times) The Department of Homeland Security, at the urging of Congress, is building tools to more aggressively examine the social media accounts of all visa applicants and those seeking asylum or refugee status in the United States for possible ties to terrorist organizations
DHS, DOJ issue guidelines, procedures for sharing cyber threats (SC Magazine) The Department of Homeland Security (DHS), along with the Department of Justice, issued two sets of guidelines and procedures, required by the Cybersecurity Act of 2015, for federal agencies and the private sector to use regarding the sharing of cyber threat indicators
How CISA Affects Business and Limits Liability (Legaltech News) Experts break down CISA and discuss what it means to your business
The Encryption Wars And Privacy Shield (New America) Former NSA and CIA director Michael Hayden joins The Cybersecurity Podcast to talk about his new book, "Playing to the Edge: American Intelligence in the Age of Terror." Hayden – now a principal at The Chertoff Group – discusses the need to balance national security secrets and the public's right to government transparency, his reaction after Edward Snowden revealed details from mass surveillance programs he started, and why he's siding in favor of strong encryption for consumers
Coalition aims to solve privacy v. national security debate (Christian Science Monitor Passcode) As the standoff between Apple and the US government over unlocking an iPhone intensifies, the Digital Equilibrium Project is setting out to find the right balance between consumer privacy safeguards and national security interests
GDS aims to tighten email security (UKAuthority) New guidance highlights importance of encryption, verification and assurance based on Whitehall feedback
California Says Companies Should Embrace NSA-Developed Data Protections (Nextgov) The state of California has put companies on notice that they should be following a basic set of 20 information security controls developed by the U.S. government's top code breakers
Enabling Distributed Lethality: the Role of Naval Cryptology (Center for International Maritime Security) The U.S. Navy’s Surface Force is undergoing a cultural shift
Litigation, Investigation, and Law Enforcement
Congressman tells FBI to back down on Apple (CNN Money) Congressman Ted Lieu of California has asked the FBI to drop its legal attack on Apple
Apple's lawyers release list of other iOS devices waiting for backdoors (CSO) Apple's legal team publishes list of All Writs Act orders received
With 12 Other Active Cases, The FBI Can’t Claim That It’s Just About One iPhone (TechCrunch) The FBI and the Department of Justice have used a strong narrative to defend their case in the dispute between the FBI and Apple
Many unanswered questions in Apple-FBI controversy (CSO) A federal magistrate has issued an order granting the FBI permission to access the data on an Apple iPhone belonging to Syed Rizwan Farook
Apple v. FBI – Who’s for, against opening up the terrorist’s iPhone (CSO) Everyone has an opinion
Apple’s iPhone Blunder (Hoover Institution) Can the United States government compel Apple to help break into the phone of Syed Rizwan Farook, who, along with his wife Tashfeen Malik, gunned down fourteen innocent people last December at the Inland Regional Center in San Bernardino?
Has Encryption Gone Too Far? (New York Times) When Apple refused to help the F.B.I. unlock the iPhone 5c of one of the attackers who killed 14 people in San Bernardino, Calif., in December, the company was criticized for preventing law enforcement from doing its job
Snowden lawyer: Bill of Rights was meant to make government’s job “more difficult” (Ars Technica) Ars Q&A: We sit down with Ben Wizner of the American Civil Liberties Union
If Amazon were in Apple’s position, would it unlock its cloud for the feds? (Network World) As Apple continues to resist FBI demands to unlock a terrorist suspect’s phone, it raises a question: What if Amazon Web Services was ordered to provide access to a customer’s cloud? Would AWS hand the data over to the feds?
Judge rules Clinton staff can be questioned about emails (Politico) A federal judge on Tuesday ruled that top Hillary Clinton staff should be questioned under oath about her use of a private email — another potential setback to the Democratic frontrunner's effort to leave the email controversy behind
Judicial scrutiny of intel agencies may dent national security: Supreme Court (Economic Times) Putting intelligence agencies IB, RAW and NTRO under judicial scanner may "dent" national security, the Supreme Court today said while rejecting a PIL seeking to make these bodies accountable to Parliament for their actions and expenditure
Responsibility Shifting for Cyber Attacks? (JDSupra) When a company's protected data is compromised, potential litigants generally look to the company itself as the target for damages claims
Prosecutors say corrupt Silk Road agent has co-conspirators at large (Ars Technica) Government alleges Shaun Bridges stole their bitcoins, too