Cyber Attacks, Threats, and Vulnerabilities
Russia blamed for crashing Swedish air traffic control to test electronic warfare capabilities (International Business Times) Sources in the Swedish government have blamed Russian intelligence for causing a major cyberattack on Sweden's air traffic control system that lasted for at least five days in November 2015, allegedly due to Russia testing out its electronic warfare capabilities
Sweden Says its critical infrastructure was under Attack by Russian Hackers (HackRead) Sweden sent a message to NATO and issued alerts claiming that the country was under threat of a serious cyber-attack in November 2015. According to reports, the Swedish government claimed to have received two separate warnings and passed them to various NATO allies, including Denmark and Norway
Special Report: Confirmed cyber attack against air traffic control system (Threat Brief) We have been following reports for the last two days indicating that outages in the Swedish Air Traffic Control System between 4 and 9 November 2015 were actually caused by malicious, sustained cyber attacks from highly trained groups either supported by or under the direction of the Russian government
Banking Trojans Nymaim, Gozi Merge to Steal $4M (Threatpost) Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym
Ransomware authors use the bitcoin blockchain to deliver encryption keys (IDG via CSO) The CTB-Locker ransomware uses a metadata field in bitcoin transactions to store decryption keys
Alert (TA14-017A) UDP-Based Amplification Attacks (US-CERT) Certain application-layer protocols that rely on User Datagram Protocol (UDP) have been identified as potential attack vectors
Guess what? URL shorteners short-circuit cloud security (Ars Technica) Researchers search for Microsoft, Google short URLs, find exposed personal data
Cisco UCS servers can be hijacked with malicious HTTP request (Help Net Security) A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, malicious HTTP request, security researcher Gregory Draperi has discovered
Why the smart office is highly susceptible to data breaches (Help Net Security) The Edge in Amsterdam is one of the smartest office buildings in the world. The state-of-the-art offices include 28,000 connected sensors for motion, light, temperature, humidity and other conditions, which can all be detected and adjusted to suit workers’ needs
The Global Cyber Crime Underground: Russia and Eastern Europe (Cyveillance) In last week’s blog, LookingGlass Cyber Threat Intelligence Group (CTIG) Senior Threat Analyst Emilio Iasiello and LIFARS Marketing Manager Michal Nemcok* provided a general overview of the global cyber crime underground, as well as a more in-depth look at the Chinese criminal underground. Today, they focus their discussion on the Russian and Eastern European criminal marketplaces
East European Criminal Fastflux Infrastructure (Team Cymru) Fast flux networks allow miscreants to make their network more resistant to takedowns. By updating and changing the A records of a domain rapidly, there is a constantly changing list of IPs hosting the domain involved, making it harder to shut down. The carding site at csh0p[.]cc is hosted on a fast flux network. The servers are largely located in Ukraine and Russia. Analysis of IPs used by this fast flux network showed that they were also used by a TeslaCrypt ransomware payment site and a TreasureHunter POS controller (friltopyes[.]com) in March 2016
Blizzard Hit By Multiple DDoS Attacks (Kotaku) Players couldn’t log into games like World of Warcraft and Diablo III for several hours last night thanks to a series of DDoS attacks that flooded Blizzard’s servers, the developer said. Blizzard says they’ve since thwarted the problem, though some login issues could linger this morning
Blizzard is fending off a potential Lizard Squad cyberattack that’s affecting Battle.net (Venture Beat) You may have trouble getting your Hearthstone on
Anonymous Shut Down Dalhousie University Website Against Halifax Rape Case (HackRead) In November 2015, HackRead reported about the hacktivist group Anonymous forcing Halifax Regional Municipality police into reopening the investigation of a sexual assault case involving an 18-year-old girl, Jane Doe, attacked by a fellow student on Halloween night at a Dalhousie University frat house in Halifax, Nova Scotia, Canada
Security Patches, Mitigations, and Software Updates
Urgent Call to Action: Uninstall QuickTime for Windows Today (Trend Micro: Simply Security) We’re putting the word out that everyone should follow Apple’s guidance and uninstall QuickTime for Windows as soon as possible
Alert (TA16-105A) Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced (US-Cert) According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation
Apple stops patching QuickTime for Windows despite 2 active vulnerabilities (Ars Technica) Security firm urges Windows users to uninstall media player
VMSA-2016-0004 (VMware Security Advisories) VMware product updates address a critical security issue in the VMware Client Integration Plugin
Cyber Trends
U.S. government worse than all major industries on cyber security (Reuters via Business Insurance) U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and health care, according to a report released Thursday
Mismatch of HIT and workflow tops list of patient safety concerns (FierceHealthIT) A disconnect between health IT configurations and organizational workflow topped the ECRI Institute's 2016 list of top 10 patient safety concerns
Status Quo Stagnates Healthcare Data Security Performance (Dark Reading) Healthcare organizations still largely driven by compliance and legacy attitudes
Why few US consumers penalize hacked companies? (Help Net Security) About a quarter of American adults reported that they were notified about their personal information being part of a data breach in the previous year, but only 11 percent of those who have ever been notified say they stopped doing business with the hacked company after the event occurred, according to a new study
UK world's most targeted nation for phishing scams and ransomware (Information Age) Why is the UK so high on the list of targets for scammers, and what can we do to protect ourselves?
Hacker Lexicon: What Are White Hat, Gray Hat, and Black Hat Hackers? (Wired) After much speculation over who provided the FBI with the mysterious solution for hacking into the San Bernardino iPhone, the Washington Post reported this week that it was a “gray hat” hacker who came forward to save the day for the feds
Marketplace
10 Things Cyber Insurance Won't Cover (Dark Reading) Cyber insurance policies come with some important caveats to keep in mind
Products, Services, and Solutions
AristotleInsight's New Regulation Roadmap Feature Helps Expand the Cyber Intelligence Cycle (PRNewswire) In response to a need for faster compliance reporting, the engineers at Sergeant Laboratories recently developed the latest addition to their AristotleInsight software, the Regulation Roadmap
Menlo Security integrates malware isolation platform with Check Point firewalls, gateways (FierceITSecurity) Menlo Security, a security startup that emerged from stealth mode last year, is partnering with Check Point to integrate its isolation platform with Check Point's next-generation firewalls and vSEC Virtual Edition gateways, which protect virtualized environments from threats by securing virtual machines and applications
Signs point to Apple abandoning OS X branding in favor of “MacOS” [Updated] (Ars Technica) Change would bring the Mac in line with iDevices, the Apple Watch, and Apple TV
Technologies, Techniques, and Standards
Ransomware, Cyberattacks, and Hacking in the Health Care Industry: Lessons from a Letter to the FBI (Forbes) The last several weeks have brought a host of alarming revelations regarding the vulnerability of some of the most confidential data that corporations and legal entities maintain on their servers
The Risk Room: Building the Right GSOC for Your Business (Security Magazine) A GSOC’s value is now recognized as a necessity to support an enterprise’s global business goals and operations
The Time Has Come to Hack the Planet (Threatpost) Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,” and was finally published in early 2014 as ISO/IEC 29147 Vulnerability disclosure, is now available for download at no cost
5 Steps to Improve Your Software Supply Chain Security (Dark Reading) Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk
'Threat Hunting' On The Rise (Dark Reading) Rather than wait for the adversary to strike, many enterprises are going out actively looking for them
HTTP Public Key Pinning: How to do it right (Internet Storm Center) One of the underutilized security measures I mentioned recently was "HTTP Public Key Pinning", or HPKP. First again, what is HPKP
BBB urges digital spring cleaning (Barre Montpelier Times-Argus) The Better Business Bureau and the National Cyber Security Alliance, are urging consumers to make digital devices an additional target of their spring cleaning activities
Design and Innovation
A Scheme to Encrypt the Entire Web Is Actually Working (Wired) Apple's move to encrypt your iPhone and WhatsApp’s rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small non-profit project has enacted a plan to encrypt the entire global web. And it’s working
Google May Have Found a Way to Make the Real-World Web Work (Wired) Remember beacons? Honestly, there’s not much reason you would
Facebook’s working on auto-tagging us in videos (Naked Security) Has anybody ever captured your image as you lunged at them, screaming “STOP THE TAGGING MADNESS!!”?
Legislation, Policy, and Regulation
MEPs back sharing airline data to ‘fight terrorism’ (Euro News) The European Parliament has backed sharing airline passenger data across the EU as part of the fight against terrorism
Top European countries launch tax crackdown (Seeking Alpha) In the wake of the Panama Papers scandal, the EU's five biggest economies have struck a deal to crackdown on tax avoidance, agreeing to exchange information on the beneficial owners of companies and trusts
'Silly old journalist' -- Congress and the encryption debate (FierceITSecurity) To paraphrase Christopher Robin in Winnie-the-Pooh – "Silly old journalist"
FBI stays inside for new CIO (Federal News Radio) The FBI turned to a familiar face for its new chief information officer
Cyber Is Not Always The Answer (SIGNAL: The Cyber Edge) Intrusions into U.S. networks do not necessarily require a cyber return of fire
Texas prisons’ new rules aim to force social media to close inmate accounts (Ars Technica) New rules prohibit friends and family from updating Twitter, Facebook, or Instagram
California Kills Phone Decryption Bill, But Bigger Battles Loom (Threatpost) Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote
Litigation, Investigation, and Law Enforcement
No links to foreign terrorists found on San Bernardino iPhone so far, officials say (Washington Post) The FBI has found no links to foreign terrorists on the iPhone of a San Bernardino, Calif., terrorist but is still hoping that an ongoing analysis could advance its investigation into the mass shooting in December, U.S. law enforcement officials said
Apple probably won’t find out how the FBI hacked the San Bernardino iPhone (Macworld via CSO) And the iPhone 5c in question hasn’t yielded significant evidence in the crime, according to a report
Microsoft Sues U.S. Over Orders Barring It From Revealing Surveillance (New York Times) Big technology companies have usually played a defensive game with government prosecutors in their legal fight over customer information, fighting or bowing to requests for information one case at a time
A New Lawsuit from Microsoft: No More Gag Orders! (Just Security) Microsoft is once again making headlines via litigation over government’s use of the Stored Communications Act
What's this about Canada reading your BlackBerry texts? (Register) What we knew in 2010, 2012 and 2014 we still know in 2016
‘Blackhole’ Exploit Kit Author Gets 7 Years (KrebsOnSecurity) A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit
Court in Moscow sentences seven hackers to lengthy prison terms for hacking bank websites (ТАСС) The damage caused by the defendants’ actions amounted to more than 25 million rubles
US court agrees with feds: Warrants aren’t needed for cell-site location data (Ars Technica) Data placed suspects near a string of Radio Shack and T-Mobile store robberies
Former U.S defense contractor sentenced for passing military secrets to India (UPI) A former U.S. defense contractor with access to sensitive U.S. weapons systems has been sentenced to over four years in federal prison for passing information on those weapons to India
Dubai Issues Fatwa Against Using Neighbor’s Wifi without Permission (HackRead) A fatwa has been issued in Dubai against WiFi theft, warning that stealing your neighbor’s WiFi is contrary to Islamic principles. The fatwa was issued this week by Dubai’s Islamic Affairs and Charitable Activities Department, which posted the religious announcement on its website