In the News


This section features topical, current news items of interest to the international security community. These articles and highlights are selected from various popular science and security magazines, newspapers, and online sources.

(ID#:14-3355)


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


International News


"Skeleton Key malware linked to backdoor Trojan: Symantec," Security Week, 30 January 2015. Symantec researchers have discovered that Skeleton Key, malware discovered earlier this month that targets Active Directory domain controllers, may be connected to "Backdoor.Winnti," which has previously attacked Asian gaming companies. (ID# 14-70078) See: http://www.securityweek.com/skeleton-key-malware-linked-backdoor-trojan-symantec

"Cybercriminals encrypt website databases in 'RansomWeb' attacks," Security Week, 29 January 2015. Known as "RansomWeb," these attacks are executed over a long period of time in order to avoid detection. The attackers compromise a company's web application, then manipulate server scripts so that data is encrypted before it is stored in the database. Once even the backups are encrypted, with the attackers ensuring that the key is nearly impossible to obtain, company data is effectively held hostage until payment is made. (ID# 14-70079) See: http://www.securityweek.com/cybercriminals-encrypt-website-databases-%E2%80%9Cransomweb%E2%80%9D-attacks

"What do China, FBI, and UK have in common? All three want backdoors in Western technology," The Register UK, 29 January 2015. The Chinese government is pressing for backdoors to be added to all imported technology, and they're not alone. Security experts see backdoors as a major vulnerability and condemn the notion as "unworkable." With China, the U.S. government, and the U.K. government all pushing for backdoor access to devices, the subsequent "international backdoor" would prove problematic. (ID# 14-70081) See: http://www.theregister.co.uk/2015/01/29/china_pushes_mandatory_backdoors/

"Regin super-malware has Five Eyes fingerprints all over it says Kaspersky," The Register UK, 28 January 2015. The malware "Regin," which evaded detection for up to six years, is often compared to Stuxnet and Duqu. Kaspersky analysts now say that Regin is the handiwork of a Five Eyes intelligence member nation (abbreviated FVEY, consisting of Australia, Canada, New Zealand, the U.K., and the U.S.). A discovered Regin plugin bears remarkable resemblance to source code produced by a Five Eyes nation. (ID# 14-70082) See: http://www.theregister.co.uk/2015/01/28/malware_bods_find_regin_malware_reeks_of_warriorpride/

"Estonia President wants China and Russia to help fight cyber crime," SC Mag. UK, 26 January 2015. At the "Fighting Shadows" convention in Switzerland, leaders from Kaspersky, Microsoft, and the United Nations met to discuss the appropriate response to cyber attacks, and the need for countries to stand united in an international coalition against cyber-crime. The failure of Russia and China, both countries notorious for cyber attacks, to sign the Budapest Convention is cited as an example that international anti-cyber-crime cooperation is not yet a reality. (ID# 14-70083) See: http://www.scmagazineuk.com/estonia-president-wants-china-and-russia-to-help-fight-cyber-crime/article/394366/

"European govts. urge U.S. tech companies to remove terrorist-related postings from sites," Homeland Security News Wire, 22 January 2015. French and German authorities have requested aid from U.S. tech firms in identifying and removing radical terrorist material, such as hate speech and radical recruitment videos, from social media sites. Following the terrorist attacks in Paris, sites like Facebook and Twitter are being asked to cooperate in pre-emptive filtering. U.S. tech firms are calling this move ineffective. (ID# 14-70084) See: http://www.homelandsecuritynewswire.com/dr20150122-european-govts-urge-u-s-tech-companies-to-remove-terroristrelated-postings-from-sites

"Skeleton Key Malware Analysis," Dell SecureWorks, 12 January 2015. The Dell SecureWorks Counter Threat Unit is reporting malware, dubbed Skeleton Key, that bypasses authentication on Active Directory (AD) systems that implement single-factor authentication only. Attackers are able to gain access as any user by using a password of their choice, while the legitimate user can continue to authenticate as usual. Skeleton Key has since been deployed using stolen domain administrator credentials. (ID# 14-70085) See: http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/

"The Centcom 'hack' that wasn't," The Washington Post, 12 January 2015. A hacker group calling itself "CyberCaliphate" claims to be responsible for the hijacking of several U.S. military Central Command social media channels. The group allegedly leaked "classified" military PowerPoints and data which, as many observers have pointed out, are not classified at all. In fact, many of the "leaked" documents are publicly available, and come from sources like MIT's Lincoln Library and Google. (ID# 14-70086) See: http://www.washingtonpost.com/blogs/the-switch/wp/2015/01/12/the-centcom-hack-that-wasnt/

"Surprise! North Korea's official news site delivers malware, too," Ars Technica, 12 January 2015. A security researcher recently discovered that North Korea's official news service, the Korean Central News Agency, also spreads malware. Disguised as a download entitled "FlashPlayer10.zip," for the long-obsolete Flash Player 10, the executable file contains a familiar Windows malware dropper. (ID# 14-70087) See: http://arstechnica.com/security/2015/01/surprise-north-koreas-official-news-site-delivers-malware-too/

"WhatsApp and iMessage could be banned under new surveillance plans," The Independent UK, 12 January 2015. U.K. Prime Minister David Cameron seeks to prohibit the use of communication services that can circumvent the security services, such as the automatically encrypted Apple iMessage and WhatsApp, following the recent Paris shootings. (ID# 14-70088) See: http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html

"A cyberattack has caused confirmed physical damage for second time ever," Wired, 8 January 2015. In a case eerily mirroring Stuxnet, hackers have caused only the second confirmed case of physical destruction of equipment by digital means. Hackers targeted an unnamed German steel mill, manipulating control systems to severely impede the shutdown of a blast furnace, causing "massive" damage. The attackers executed a spear-phishing attack and used the downloaded malware to gain access to one system. (ID# 14-70089) See: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/

"Fingerprint theft just a shutter click away," Tech News World, 7 January 2015. Biometrics used for authentication are best treated as one factor among several. Initially seen as a more secure way to protect personal data, biometrics should be used as part of two-factor authentication, at the very least. German hackers known as the Chaos Computer Club have demonstrated a way to lift prints. Security consultant Catherine Pearce reminds users that compromised passwords can at least be easily changed, which is not the case with fingerprints. (ID# 14-70090) See: http://www.technewsworld.com/story/81548.html

"Pro-ISIS hackers target New Mexico newspapers and hit paywall," The Denver Post, 6 January 2015. An ISIS-sympathetic hacker group, under the moniker "CyberCaliphate," has hacked the Mountain View Telegraph, a newspaper from a small New Mexico town. "Infidels, New Year will make you suffer," reads the message, but in order to see more, readers must answer a Google questionnaire. (ID# 14-70091) See: http://blogs.denverpost.com/techknowbytes/2015/01/06/pro-isis-hackers-target-new-mexico-newspapers/15032/

"U.S. firm finds malware targeting visitors to Afghan govt websites," Reuters, 21 December 2014. A newly discovered campaign, dubbed "Operation Poisoned Helmand," uses a watering-hole attack to target users of trusted Afghan government websites. U.S. cybersecurity researchers say China, whose interests in Afghanistan have increased in light of the reduced U.S. and NATO military presence, is the most likely threat actor. (ID# 14-70092) See: http://in.reuters.com/article/2014/12/21/china-afghanistan-cybersecurity-idINKBN0JZ0K420141221

(ID#:14-3356)





US News


"Firm finds link between Regin spy tool and QWERTY keylogger," SC Mag., 27 January 2015. [Online]. Earlier this month, the source code for the so-called "QWERTY" keylogger malware was released as part of recent Snowden leaks and was found to have been used by numerous national intelligence agencies. Researchers found that QWERTY is identical in functionality to a specific module of the "Regin" spy tool and concluded that they were both produced by the same (or at least cooperating) developers. (ID: 14-50193) See: http://www.scmagazine.com/tool-detailed-in-snowden-documents-functions-like-regin/article/394764/

"CTB-Locker ransomware variant being distributed in spam campaign," SC Mag., 23 January 2015. [Online]. Trend Micro has identified a new strain of the bitcoin ransomware "Critroni," which is unique in its unusually high ransom demand and longer time to pay the ransom: ninety-six hours to pay three bitcoins, or about $700. This version is spread via a spam campaign and is "predominately impacting users in Europe, the Middle East and Africa (EMEA), China, Latin America and India." (ID: 14-50194) See: http://www.scmagazine.com/critroni-variant-of-ctb-locker-now-gives-victims-extra-time-to-pay-ransom/article/394247/

"NAFCU asks Congress to create bipartisan data breach working group," SC Mag., 22 January 2015. [Online]. The National Association of Federal Credit Unions (NAFCU) urged the U.S. Congress and Senate in a letter to consider creating a bicameral working group to help find solutions and pass legislation to combat the growing threat and consequences of data breaches. In a divided government, bipartisan cooperation and cooperation between government branches are integral parts of combating cybersecurity issues like data breaches. (ID: 14-50195) See: http://www.scmagazine.com/credit-unions-want-input-in-development-of-national-breach-law/article/394006/

"Adobe plugs Flash zero-day, investigates separate exploit reports," SC Mag., 22 January 2015. [Online]. Adobe has released a patch for CVE-2015-0310, a Flash vulnerability that would allow hackers to bypass "memory randomization mitigations on the Windows operating system." Adobe is also investigating the Flash Player vulnerability CVE-2015-0311 and has announced that consumers should expect a patch in the near future. (ID: 14-50196) See: http://www.scmagazine.com/adobe-issues-emergency-fix-for-flash-player-vulnerability/article/393977/

"Android malware encounters surged in 2014, up by 75 percent, report says," SC Mag., 15 January 2015. [Online]. Mobile security company Lookout found that around 6.4 million Android devices were infected with malware in 2014, an astonishing 75 percent increase from 2013. Mobile devices are often seen as being safer than traditional personal computers, and they generally are -- but their increased functionality and use in financial and business contexts means that they are becoming high-value targets. (ID: 14-50197) See: http://www.scmagazine.com/lookout-releases-2014-mobile-threat-report/article/392814/

"Skeleton Key Malware Analysis," Dell SecureWorks Counter Threat Unit Threat Intelligence, 12 January 2015. [Online]. The newly discovered "Skeleton Key" malware allows attackers to bypass authentication on Active Directory (AD) systems that employ only passwords for authentication. Skeleton Key allows attackers to authenticate as a legitimate user, thereby granting them access to remote access services within a victim network. Two variants were found, the older of which allowed attackers to analyze the victim's patching process. (ID: 14-50198) See: http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/

"Pro-ISIS attackers compromise U.S. Central Command Twitter and YouTube accounts," SC Mag., 12 January 2015. [Online]. The U.S. Central Command (CENTCOM) confirmed that its YouTube and Twitter accounts were hacked. Both accounts were taken offline after attackers, who appear to have been supporters of the Islamic State, used the accounts to post military documents and threatening messages. The military documents, though disguised to look like part of a new breach, were actually part of the public domain. It is suspected that the attackers obtained credentials through some kind of phishing or brute-force attack. (ID: 14-50199) See: http://www.scmagazine.com/us-central-command-social-media-accounts-hacked/article/392128/

"Cisco Annual Security Report Reveals Widening Gulf between Perception and Reality of Cybersecurity Readiness," Security Mag., 20 January 2015. [Online]. Cyber criminals have been constantly developing techniques of increasing sophistication to evade detection and bypass security measures, which means that security teams need to work together on improving their methods more than ever before. According to a study by Cisco, however, not everybody is on the same page when it comes to perceptions of cyber readiness. (ID: 14-50200) See: http://www.securitymagazine.com/articles/86050-cisco-annual-security-report-reveals-widening-gulf-between-perception-and-reality-of-cybersecurity-readiness

"Obama Calls for Data Breach Notification Law," Security Mag., 12 January 2015. [Online]. U.S. President Barack Obama intends to ask Congress to pass a law that requires companies to report data breaches to victims within thirty days, as well as a second privacy law that would allow consumers to decide what personal data they are willing to give to companies, and how they want that data to be used. Additionally, Obama intends to push for a digital privacy bill that would regulate collection and use of data collected from educational services. (ID: 14-50201) See: http://www.securitymagazine.com/articles/86043-obama-calls-for-data-breach-notification-law

"Snowden reveals that China stole plans for a new F-35 aircraft fighter," Cyber Def. Mag., 22 January 2015. [Online]. According to Snowden leaks, Chinese government hackers were able to obtain plans and technical data -- potentially as much as 50 terabytes worth -- for a new F-35 fighter jet. The F-35, which is being developed by Lockheed Martin at a record-breaking $400 billion, is a joint effort between the U.S., U.K., and Australian governments. (ID: 14-50202) See: http://www.cyberdefensemagazine.com/snowden-reveals-that-china-stole-plans-for-a-new-f-35-aircraft-fighter/

"5800 Gas Station Tank Gauges vulnerable to cyber attacks," Cyber Def. Mag., 26 January 2015. [Online]. Recent research by Rapid7 has found that approximately 5,800 gas stations across the U.S. are vulnerable to remote cyber attacks. The affected gas stations all use Automated Tank Gauges (ATGs), devices used to prevent overfilling of underground storage tanks, which have no password protection. Compromised ATGs could potentially produce false alarms and shut down a station. (ID: 14-50203) See: http://www.cyberdefensemagazine.com/5800-gas-station-tank-gauges-vulnerable-to-cyber-attacks/

"USA and UK announce joint cyber 'war games' to improve cyber defenses," Cyber Def. Mag., 20 January 2015. [Online]. The U.S. and U.K. have agreed to participate in mutual cyber "war games" in which teams from each nation would "attack" each other to bring to light security flaws in each other's systems. The exercises are intended to prepare both nations for real-life state-sponsored attacks. British Prime Minister David Cameron stressed the importance of cyber security readiness in his announcement of the war games, noting that cyberattacks "can have real consequences to people's prosperity". (ID: 14-50204) See: http://www.cyberdefensemagazine.com/usa-and-uk-announce-joint-cyber-war-games-to-improve-cyber-defenses/

"Project Zero team has disclosed a new unpatched Windows 8 flaw," Cyber Def. Mag., 15 January 2015. [Online]. Google's Project Zero hacking team has disclosed a newly found Windows 8.1 and Windows 7 "Privilege Escalation" vulnerability, and has demonstrated it in a simulated Proof of Concept (PoC) attack. There has been disagreement between Google and Microsoft about the disclosure policy; Microsoft had asked Google to delay the disclosure of the bug, with the intention to fix it by February 2015. Google refused, and disclosed it within the normal 90-day timeline. (ID: 14-50205) See: http://www.cyberdefensemagazine.com/project-zero-team-has-disclosed-a-new-unpatched-windows-8-flaw/

"Malaysia Airlines Site Back Up as Hackers Threaten Data Dump," Infosecurity Mag., 27 January 2015. [Online]. Hacking group "Lizard Squad" has claimed responsibility for an attack on Malaysia Airlines' website and has threatened on social media to release stolen data, though the airline claims that no sensitive data was stolen. Visitors to the website were directed to a page apparently owned by Lizard Squad, though the issue has since been resolved. (ID: 14-50206) See: http://www.infosecuritymagazine.com/news/malaysia-air-site-back-hackers/

"China Blamed for MITM Attack on Outlook," Infosecurity Mag., 19 January 2015. [Online]. Anti-censorship rights group Greatfire.org is pointing fingers at China's Cyberspace Administration after an attack on Microsoft Outlook users. The daylong MITM attack, which utilized a self-signed certificate, is suspected by some to be an attempt by China to test their MITM capabilities, which are used to bypass HTTPS and intercept communications. (ID: 14-50209) See: http://www.infosecurity-magazine.com/news/china-blamed-for-mitm-attack-on/

"Windows 10: Secure enough for government?" GCN, 23 January 2015. [Online]. Windows 10 will feature new and improved security features, including technologies such as multifactor authentication, data-loss prevention, and other low-level hardware and kernel measures. These newer security features could be very attractive for government and business, which are facing an increasing volume of cyber threats. (ID: 14-50210) See: http://gcn.com/articles/2015/01/23/windows-10-security.aspx?admgarea=TC_SecCybersSec

"Critical Java updates fix 19 vulnerabilities, disable SSL 3.0," ComputerWorld, 21 January 2015. [Online]. A new Java security update patches 19 vulnerabilities and removes support for Secure Sockets Layer (SSL) 3.0, which is outdated and vulnerable. A significant portion of the 19 vulnerabilities scored high on the severity scale, with six scoring 9.3 or above out of 10. Additionally, this will be the last security update for Java 7 (without a long term contract); users will need to migrate to Java 8 to receive automatic updates in the future. (ID: 14-50211) See: http://www.computerworld.com/article/2873215/critical-java-updates-fix-19-vulnerabilities-disable-ssl-30.html

"Fed data at risk in attacks on university computers," FCW, 27 January 2015. [Online]. University computer networks, which contain large volumes of both devices and data, are a lucrative target for cyber criminals, according to a memo by the Department of Homeland Security (DHS). Last spring, for instance, attackers were able to utilize a supercomputer at a U.S. university to perform DDoS attacks on several businesses that provide server services for gaming. (ID: 14-50212) See: http://fcw.com/articles/2015/01/27/fed-data-at-risk.aspx

"Ending the tyranny of passwords," FCW, 16 January 2015. [Online]. The FIDO (Fast IDentity Online) Alliance, a collaborative effort between 150 members including Google and Samsung, has been striving towards creating stronger two-factor authentication systems while phasing out passwords as a method of authentication. The group has been working to create specifications for newer methods like biometrics and hardware tokens, technologies that could prove to be much more secure than passwords without compromising convenience. (ID: 14-50213) See: http://fcw.com/articles/2015/01/16/tyranny-of-passwords.aspx

"How can we protect our information in the era of cloud computing?" University of Cambridge Research, 26 January 2015. [Online]. Researcher Jon Crowcroft argues that cloud storage puts data at increased risk and that information should instead be stored across a diverse range of P2P systems. Spreading data out, according to Crowcroft, would not just hamper efforts to obtain that information illegitimately, but would make it easier to access as well. The centralized nature of cloud solutions, on the other hand, can make data easier to steal. (ID: 14-50214) See: http://www.cam.ac.uk/research/news/how-can-we-protect-our-information-in-the-era-of-cloud-computing

"NIST Revises Crypto Standards Guide," Gov Info Security, 23 January 2015. [Online]. The National Institute of Standards and Technology (NIST) has just released its NIST Cryptographic Standards and Guidelines, a document which details NIST's new cryptographic standard development process. Notably, the document stresses transparency and details the interactions between NIST and the NSA, a relationship which has sparked considerable negative publicity since the first draft was issued nearly a year ago. (ID: 14-50215) See: http://www.govinfosecurity.com/nist-revises-crypto-standards-guide-a-7831

"New technology proves effective in thwarting cyberattacks on drones," Homeland Security News Wire, 27 January 2015. [Online]. Researchers with the University of Virginia and Georgia Institute of Technology have successfully tested methods developed by the multi-university Systems Engineering Research Center to keep unmanned aerial vehicles safe from cyber attack. Drones, as they are often referred to, are used to collect sensitive data and even perform missile strikes, which makes security a necessity. (ID: 14-50216) See: http://www.homelandsecuritynewswire.com/dr20150127-new-technology-proves-effective-in-thwarting-cyberattacks-on-drones

"Universities adding cybersecurity programs to their curricula to meet growing demand," Homeland Security News Wire, 14 January 2015. [Online]. The increasing prevalence and gravity of cyber attacks has led to a high demand for well-trained cybersecurity workers, which has in turn increased the demand for cybersecurity education. Many universities are bulking up their cybersecurity programs, and students are taking advantage of the value that cybersecurity education can give them in the job market. (ID: 14-50217) See: http://www.homelandsecuritynewswire.com/dr20150114-universities-adding-cybersecurity-programs-to-their-curricula-to-meet-growing-demand

"It Took Me Two Clicks To Trace Ross Ulbricht To The Silk Road," Forbes, 16 January 2015. [Online]. Computer security researcher Nicholas Weaver details how he was able to connect Ross Ulbricht to the deep-web marketplace "Silk Road" by tracing bitcoin transactions. According to Weaver, 3,255 bitcoins (about $300,000 USD) were transferred from the Silk Road to Ulbricht. Ulbricht is currently being charged as the alleged founder of the anonymous market. (ID: 14-50218) See: http://www.forbes.com/sites/valleyvoices/2015/01/16/it-took-me-two-clicks-to-trace-ross-ulbricht-to-the-silk-road/?ss=Security

"Linux makers release patch to thwart new 'Ghost' cyber threat," Reuters, Edition: U.S., 27 January 2015. [Online]. Linux distribution developers, including Red Hat Inc., have released a patch to fix "Ghost," a vulnerability which could purportedly allow hackers to remotely control vulnerable systems. Researchers found that they could compromise servers with a malicious email, without that email even being opened. Fortunately, there have not been any reports of the vulnerability being used "in the wild." As with Heartbleed and Shellshock, the vulnerability was discovered in open-source software, in this case the GNU C Library used by Linux. (ID: 14-50219) See: http://www.reuters.com/article/2015/01/27/us-cybersecurity-linux-idUSKBN0L02RS20150127

(ID#:14-3357)

