The CyberWire Daily Briefing 04.18.16

Summary

By The CyberWire Staff

Sweden’s Luftfartsverket (LFV) has officially stated that November outages in that country’s air traffic control system were caused by a solar flare, not Russian electronic warfare.

Russian and US officials are meeting this week in Geneva to develop confidence-building measures designed to avoid misinterpretations of actions and incidents in cyberspace.

More details emerge on the US cyber offensive against ISIS. Marine Corps EA-6Bs are reported to have moved into the area of operations, adding an airborne electronic warfare and cyber capability to the US options. When offensive cyber operations began against ISIS in February, US operators concentrated on disruption (roughly equivalent to jamming) but sources now say the US has moved on to spyware installation (enabling identification and targeting of individuals and networks) and denial of encrypted communication channels (forcing ISIS command and control into less secure channels).

Researchers at PortSwigger have reported finding an XSS filter bypass vulnerability in Microsoft’s Edge browser. The flaw is thought to reside in code imported from Edge’s ancestor, Internet Explorer. A patch is not yet out.

Cisco’s Talos group has again warned of the risks facing users of out-of-date JBoss servers. JBoss ransomware is active in the wild, and K-12 schools are thought particularly vulnerable.

“Phineas Fisher” has published an account of how he hacked Hacking Team last July. He says he found a vulnerable embedded device and worked his way in from there.

Magic Leap, Alert Logic, and Orange are reported to have made acquisitions.

The FBI may have a Firefox zero-day.

Notes.

Today's issue includes events affecting Australia, Canada, China, Russia, Sweden, United Kingdom, United States

We'll be covering the SINET ITSEF conference from Mountain View, California, Tuesday and Wednesday. Watch for our customary live-Tweets and special issues.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.

Sponsored Events

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016)

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

How Is EMV Transition Going? (eSecurity Planet) U.S. retailers are in no hurry to transition to EMV, surveys find. What is holding them back?

Time to Face the Ransomware Crisis in U.S. Healthcare: Industry Experts Speak Out (Healthcare Informatics) Industry experts agree it’s time for healthcare IT leaders to meet the ransomware crisis head-on

Legislation, Policy and Regulation

First on CNN: U.S. and Russia meet on cybersecurity (CNN) Senior cybersecurity officials from the U.S. and Russia are holding meetings this week on cybersecurity, renewing efforts to prevent the countries from mistakenly getting into a cyber war, U.S. officials say

Opinion: China's national security law significant for stability, development (New China) The national security law adopted by China will not pose a threat to others, but safeguard stability and development in the country and region as a whole

Germany Thinks Cyber (Trumpet) The German Army prepares for cyberwar

U.S. Ratchets Up Cyber Attacks on ISIS (Daily Beast) Military hackers are disrupting ISIS’s encrypted chats, implanting viruses in terrorists’ computers, and mining the machines to launch real-world strikes

DOD adds electronic attack aircraft to the fight against ISIS (Defense Systems) The Defense Department has turned to a wide array of capabilities in its fight to deal ISIS a “lasting defeat,” in the words of Defense Secretary Ashton Carter. In an announcement late this week, DOD said EA-6B Prowler aircraft from the Marine Corps Tactical Electronic Warfare Squadron 4 have deployed to Turkey to “support electronic attack requirements in Operation Inherent Resolve, the effort to counter” ISIS, also known as ISIL

Here’s What the Burr-Feinstein Anti-Crypto Bill Gets Wrong (Just Security) The latest Crypto War is being fought on multiple fronts: behind closed doors, in the courts, and now in Congress

Data security: Why there is an urgent need for universal law that will address privacy issues (Economic Times) Technology has stamped itself as the new frontier for civil liberties where the battle for tomorrow’s consumer will be fought on a trust score. Barely months after one of the world’s most valuable companies, Apple, refused to cooperate with the world’s most powerful government to hack a phone, Microsoft is taking on the United States Justice Department

House subcommittee examines preparedness for electrical grid cyberattack (SC Magazine) A House subcommittee hearing Thursday examined state and local government preparedness in case of cyberattack on the U.S. electrical grid

Undersecretary Spaulding on why NPPD needs a new name (Federal Times) The head of Homeland Security's Cyber Division explains what's in a name

Maryland National Guard steps up role in cyberspace (Baltimore Sun) Each year, the imaginary nation of Berylia is summoned into existence solely to have its simulated computer networks pummeled by an elite team of hackers

Products, Services, and Solutions

Is free antivirus software secure enough, or is it better to buy? (Peninsula) A piece of malicious software nicknamed Locky has been encrypting personal data and demanding a ransom to unlock files since February

Lieberman Software Teams With FireEye (SoCalTech) Los Angeles-based cybersecurity software developer LIeberman Software said this week that it has partnered with FireEye, to better respond to data breaches and threats. According to the company, its new integration triggers rapid, real time credential rotation for systems, whenever a cyber threat is identified, making it more difficult for attackers to gain access to systems

Technologies, Techniques, and Standards

DHS, DISA cyber chiefs: Network monitoring is still 'a challenge' (Fed Scoop) Sprawling organizations and layered networks pose hurdles to agencies attempting to be proactive about cybersecurity, federal officials told the Security Through Innovation Summit

Cryptography, information assurance, cloud and others: 5 key skills for cyber security professionals (Computer Business Review) List: Protecting data and systems in the modern business requires a range of disciplines

Marketplace

Cyber security has become an economic imperative (BUsiness Insider) Cyber security is an economic imperative. It is key to the protection of organisations of all sizes, to the personal data of our people, and to ongoing jobs growth and wealth creation. After all, a robust and thriving digital economy is built on trust

Cisco leads IoT security market, followed by Intel and Symantec (ChannelLife) The growing number of connected devices in organisations across the globe is driving the demand for IoT security. In fact, in 2015 the number of connected devices across the globe was 10.83 billion, and by 2020, the number will reach 41.15 billion, says Amrita Choudhury, one of Technavio’s lead analysts for IT security

Magic Leap Acquires Israeli Cyber Security Company NorthBit (Bloomberg) Magic Leap Inc., a U.S. startup working on a device that simulates reality, acquired Israeli cybersecurity company NorthBit to bolster its advanced software research

Alert Logic Acquires Click Security (Marketwired) Alert Logic (www.alertlogic.com), the leading provider of Security-as-a-Service solutions for the cloud, today announced that it acquired Austin-based Click Security

Orange Closes Acquisition of Cybersecurity Specialist (Light Reading) “Orange has identified cybersecurity as one of its strategic priorities. With this acquisition, Lexsi, the Threat Intelligence Services company, bolsters our ability to detect, analyse and respond to the threat of cyber-attacks and positions us as a major player in this field in Europe,” says Michel Van Den Berghe, CEO of Orange Cyberdefense

Inside CrowdStrike: What does Google’s first cyber security investment tell us about its security plans? (Computer Business Review) C-level briefing: CrowdStrike's CTO and co-founder explains what his company is doing differently and why that attracted investment from the world's most valuable company

What’s Going on with the Verizon Strike? (Law Steet) A 10-month-long contract dispute has finally come to a head as 36,000 Verizon employees went on strike Wednesday

Channel Beat: How Verizon Strike May Harm MSPs (CRN) This week Verizon workers started the largest strike the carrier has experienced in years. About 36,000 East Coast workers went on strike after the telecom company failed to reach an agreement with unionized employees

Palo Alto, Cognizant, Bright Spots as Barclays Cuts IT Spending Forecast (Barron's) Barclays analysts Mark Moskowitz and Raimo Lenschow and colleagues today cut estimates for global IT spending, citing a “subdued” outlook for services and continued struggle for hardware products of various kinds

Why Shares of Ixia Slumped on Friday (Motley Fool) The network security company now expects revenue to decline during the first quarter, which sent investors to the exits

FireEye Inc: Can FEYE Rekindle Its Rally? (Investor Place) Upside may not come all at once, but as a long-term play, FEYE has real potential

Cisco's Merger Maven Details How It's Rebooting Its Strategy (The Street) While Cisco Systems (CSCO - Get Report) built its name on routers, switches and network hardware, the Silicon Valley icon has rebooted its strategy in recent years to focus more on software. The San Jose tech giant is learning to code, and has acquired a slate of software properties to gain footholds in strategic markets

Research and Development

8 cyber security technologies DHS is trying to commercialize (Network World) Agency hopes to put $1 billion investment to practical use

Security Patches, Mitigations, and Software Updates

Uninstall QuickTime for Windows: Microsoft Stops Support (N4BB) Microsoft will no longer patch security flaws in QuickTime media player and is asking users to uninstall the software to avoid being hacked

Uninstall Quicktime, US Government urges PC users (Belfast Telegraph) The US government is urging PC users to uninstall Quicktime from their computers, over fears that weaknesses in the software could leave them vulnerable to cyber-criminals

Cyber Attacks, Threats, and Vulnerabilities

Swedish air controllers debunk cyber attack disruption theory (Register) Solar storms blamed for outage. Sweden's civil aviation administration (LFV) has concluded that radar disruptions that affected services in Stockholm and Malmö last November were down to the effects of a solar flare, scotching rumors reported by El Reg and others earlier this week that a hacker group linked to Russian intelligence might be to blame

Update: Swedish airports suffer potential cyber-attack (SC Magazine) Despite being initially blamed on a cosmic storm, a service outage in Sweden late last year may have been a co-ordinated attack

Researcher Identifies XSS Filter Bypass in Microsoft Edge (Softpedia) The issue is not fixed, Microsoft still working on it. Gareth Heyes, one of the security researchers working for PortSwigger, the company behind the famous Burp Suite security testing toolkit, has found a bypass for Microsoft Edge's built-in XSS filter

Cisco Researchers Discover Millions of Servers Which Can Spread Ransomware (Bitcoinist) Although some people will argue the topic of Bitcoin ransomware has been beaten around the bush one time too many, it is important to bring attention to these threats. A new Cisco Systems study shows how 3 million servers are at risk of ransomware infections. When will people and enterprises learn to take cyber security more seriously?

Millions of unpatched JBoss servers open to abuse (IT News) Security researchers at Cisco's Talos group have discovered a large number of vulnerable internet-connected systems running out-of-date JBoss installations, with thousands of servers already compromised

Schools put on high alert for JBoss ransomware exploit (CSO) More than 2,000 machines are ready to be infected, Cisco says

Rise of the malware-hunting malware (Venture Beat) Imagine this scenario: A malware operator breaks into a network and finds another malware there already at work. What happens next? Do they collaborate or attack each other?

The Vigilante Who Hacked Hacking Team Explains How He Did It (Motherboard) Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it

Hacker who hacked Hacking Team published DIY how-to guide (Network World) The hacker who hacked the Hacking Team published a DIY how-to guide, explaining how he did it and including tips to avoid being busted.

This Hacker's Account of How He Infiltrated Hacking Team Says a Lot About Digital Security (Gizmodo) You may remember that last year, a hacker exposed the inner workings of Hacking Team, a company that makes spyware for governments. Now that the dust has settled down, someone claiming to be the hacker has posted all the details on how he did it

Hack Back! A DIY Guide (Pastebin) The English-speaking world already has tons of books, talks, guides, and info about hacking. In that world, there's plenty of hackers better than me, but they misuse their talents working for "defense" contractors, for intelligence agencies, to protect banks and corporations, and to defend the status quo. Hacker culture was born in the US as a counterculture, but that origin only remains in its aesthetics - the rest has been assimilated. At least they can wear a t-shirt, dye their hair blue, use their hacker names, and feel like rebels while they work for the Man

New malware GozNym is stealing millions from U.S. bank account holders (Yahoo! Tech) Hiding your money under your mattress may seem like an antiquated idea, but it may be the only way to stop a new hybrid malware monster that is attacking American and Canadian bank accounts

10 whaling emails that could get by an unsuspecting CEO (CSO) Real-life whaling attempts show the intricate changes perpetrators try to make to trick a CEO

Criminals Bribe Chinese Security Firm to White-List Malware (Spamfighter) The latest about cyber-criminals is that they're bribing security companies for smuggling malicious software and incorporating it into mobile gaming applications' source-codes. Security investigators belonging to Check Point exposed the scam wherein owners of malicious software bribed the staff working at one China-based mobile games firm for embedding malware inside mobile applications

Cyber attack temporarily shut down Newark police computer systems (NJ.com) A cyber attack against the Newark Police Department computer network shut down various systems used by the department for several days last week, NJ Advance Media has learned

UBC faces cyber attack (Ubyssey) On Thursday, April 14, UBC announced that it has been the target of what they are identifying as a “brute force attack” against their identity management infrastructure

Explosion in ransomware, 0-days driven by cybercriminals' growing professionalism (CSO) Online extortionists borrowing from marketing playbook to speed payment as Australia remains world's biggest target

That man who ‘deleted his entire company’ with a line of code? It was a hoax (CSO) Stack Overflow said it was 'not particularly amused'

Academia

Northrop Grumman Awards Scholarships to Cyberpatriot VIII Winners (EIN News) Northrop Grumman Corporation (NYSE:NOC) awarded $50,500 in scholarships last night to high school students on the winning teams of the CyberPatriot VIII National Finals Competition

Litigation, Investigation, and Enforcement

Is the FBI Hiding a Firefox Zero-Day? (Softpedia) After FBiOS, get ready for Mozilla vs. the FBI. A question posed by a researcher from the International Computer Science Institute in Berkeley, California has led many to believe, even us, that the FBI may be sitting on a Firefox zero-day which it is currently fighting in US courts to keep secret

German spy chiefs on Snowden: Leaks were Russian op to drive ‘wedge’ between US & Europe (Russia Today) Edward Snowden’s leaks on the BND targeting European bodies and individuals at NSA’s request could be part of Moscow’s elaborate efforts to “drive a wedge” between the United States and Europe, German intelligence chiefs have claimed

Microsoft spells out Azure security liability (Cloud Pro) Advisory details which areas of its private cloud offerings companies need to safeguard themselves

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.

2016 Cybersecurity Symposium ( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes related to cybersecurity, which will include practice research and technologies. This symposium seeks submissions from academia, industry, and government to present innovative research, case studies, and best practices on all practical and theoretical aspects of cybersecurity.

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB

Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge.

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agencies digital presence — along with much more

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments such as the EU General Data Protection Regulation and the landmark decision by the European Court of Justice that the Commission’s US Safe Harbor decision is invalid.

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.