SoS Newsletter- Advanced Book Block

US News

"Snapchat: Our servers were not breached in the 'Snappening', blame 3rd Party apps", TechCrunch, 10 October 2014. Some 200,000 photos belonging to Snapchat app users have been leaked. Dubbed "The Snappening", in reference to the recent celebrity nude photo leak, this latest privacy breach has users outraged and seeking explanations from Snapchat. Snapchat has denied a breach on their part. (ID# 14-70017) See

"DEFCON router hacking contest reveals 15 major vulnerabilities", Electronic Frontier Foundation, 7 October 2014. The "SOHOpelessly Broken" DEFCON hacking contest highlighted security vulnerabilities in home routers. Results indicated that the discovered vulnerabilities are not limited to any one company, but rather affect nearly all router manufacturers. (ID# 14-70018) See

"Signaling post-Snowden era, new iPhone locks out NSA", The New York Times, 26 September 2014. Apple promises encryption-by-default for the new iPhone 6, with each device creating its own individual code independent of Apple's interference, or anyone else's. FBI director James Comey criticizes the change as enabling users to operate above the law. Google's Android, which has offered optional encryption for three years prior to the iPhone 6, will release encryption-by-default in its next version. (ID# 14-70019) See

"HP accidentally signed malware, will revoke certificate", Arstechnica, 10 October 2014. A digital certificate, used to sign software such as hardware drivers, is being revoked. HP was alerted that its certificate had been used to sign malware, a Windows Trojan that had infected an HP employee's PC. The revocation forces HP to re-issue software packages with a new digital signature. (ID# 14-70020) See

"Dairy Queen confirms breach, Backoff malware intrusion at 395 US stores", SC Magazine, 10 October 2014. Systems at one Orange Julius and 395 Dairy Queen locations have been compromised, affecting customer payment information. The company has issued a statement saying no other personal information, such as SSNs or PINs, appears to have been compromised. The malware, Backoff, infects point-of-sale (POS) devices through brute-forcing the log-in feature of remote desktop software. (ID# 14-70021) See

"Mobile Threat Monday: thousands of fake apps impersonate Facebook, Twitter, and more", PC Magazine Security Watch, 13 October 2014. 15,000 fake social networking apps were discovered between January and August of 2014, Cheetah Mobile Threat Labs reports. Facebook, WhatsApp, and Twitter are the three most commonly impersonated. These malicious clones target the user's personal information, and oftentimes charge premium SMS fees to the user's phone bill. (ID# 14-70022) See

"Android 5.0 (Lollipop) represents a leap forward in security terms", SC Magazine UK, 16 October 2014. Encryption by default is here for Android! The new update adds several security improvements, including a remote 'kill switch' to render stolen phones useless, Security-Enhanced Linux (SELinux), and a smart lock that secures devices via Bluetooth. (ID# 14-70023) See

"Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014", SC Magazine, 08 October 2014. The average cost of a cybercrime incident rose from 11.56 million USD in 2013 to 12.7 million in 2014. Though one might attribute this to a lack of security efforts on the part of businesses, this trend might actually indicate the opposite: as businesses develop better security methods, criminals have to find craftier ways to attack, which then causes businesses to have to spend more money on stopping increasingly sophisticated attacks. (ID: 14-50134) See

"ATM malware 'Tyupkin' found on over 50 machines in Europe, spreads to U.S.", SC Magazine, 07 October 2014. A strain of ATM malware known as "Tyupkin" has been used to steal millions of dollars from 32-bit Windows-based ATM machines in Eastern Europe, and has also spread to other continents. Tyupkin uses advanced methods to prevent detection, and has evolved to employ more and more evasion techniques since it was first discovered, according to Kaspersky Labs. (ID: 14-50135) See

"Group infects more than 500K systems, targets banking credentials in U.S.", SC Magazine, 07 October 2014. Proofpoint security researchers identified a cybercrime group, which appears to be Russian, that has been using "Qbot" malware to sniff communications and extract banking credentials. The attackers have infected over 500,000 unique systems, with about 75% of the two million unique IPs sniffed being U.S.-based. (ID: 14-50136) See

"Bash bug payload downloads KAITEN DDoS malware source code", SC Magazine, 06 October 2014. Researchers at Trend Micro have been monitoring a bash bug payload, TROJ_BASHKAI.SM, that utilized the Bash Bug (a.k.a. Shellshock) to download KAITEN malware onto vulnerable systems. Once a system has been infected, KAITEN can be used to remotely perform DDoS attacks and bring down a targeted organization. (ID: 14-50137) See

"Chase breach affects 76 million accounts, raises questions about detection failure", SC Magazine, 03 October 2014. After 76 million JPMorgan Chase customers had their contact information stolen in a breach that lasted months, the financial institution assured customers that no highly sensitive information was stolen. In keeping with a troubling trend in recent data breaches, user identity was the main vehicle of attack, which can make detection very hard. (ID: 14-50138) See

"FDA presents guidelines for medical device security", 02 October 2014. The FDA released a set of guidelines for medical device manufacturers on how to ensure security for medical devices and patient health data. During the design and development of medical devices, techniques such as multi-factor authentication, user privileges, and security compromise identification should be observed by manufacturers. (ID: 14-50139) See

"Dairy Queen Dipped with Backoff Malware Breach", Infosecurity Magazine, 10 October 2014. Sometime between August and September, Backoff malware was used to steal names, payment card numbers, and payment card expiration dates from around 600,000 Dairy Queen customers. DQ has stated that it believes the malware has been contained, and is offering identity-repair services to customers. Over 1,000 U.S. businesses have been victims of Backoff, including UPS and Supervalu. (ID: 14-50140) See

"JPMorgan Hackers Go After 13 More Financial Institutions", Infosecurity Magazine, 10 October 2014. The same hackers responsible for the JPMorgan Chase attack (see ID: 14-50138) are suspected to be behind possible attacks on thirteen other financial institutions. These attacks are part of a growing trend: through persistent, targeted attacks, hackers can gain privileged user credentials. Techniques like network segmentation can reduce the harm done by such attacks, but implementing these solutions is often difficult. (ID: 14-50141) See

"AT&T Hit by Another Insider Breach", Infosecurity Magazine, 10 October 2014. A former AT&T employee accessed sensitive user data, including Customer Proprietary Network Information (CPNI), driver's license numbers, and Social Security numbers, without authorization. The telecom giant has sent an apology to affected customers. AT&T has been plagued by similar incidents in the past, including an incident in June where a worker was "apparently looking to generate codes that unlock devices." (ID: 14-50142) See

"Massive Qbot Botnet strikes 500,000 Machines Through WordPress", Infosecurity Magazine, 08 October 2014. Researchers believe that cybercriminals used compromised WordPress accounts to compromise websites, and then used those websites to download the "Qbot" dropper and other malware onto victims' computers. This malware is then used to steal banking credentials, and is estimated to have stolen hundreds of thousands of them. (ID: 14-50143) See

"New Mac Malware Uses Reddit to Communicate", Infosecurity Magazine, 03 October 2014. Researchers have identified an instance of malware that uses the popular internet site to communicate with a command and control server. Mac.BackDoor.iWorm, as it is known, targets Macintosh computers primarily in English-speaking countries. What iWorm does with the victim's computer is not known as of the date of publication. (ID: 14-50144) See

"Kmart hacked, customers' card numbers exposed", Computerworld, 10 October 2014. Sears Holding Corporation announced that malware was found to have infected payment systems at its Kmart retail stores. The malware has been removed, according to Sears, but was able to steal customers' payment card numbers since the beginning of the breach in early September. (ID: 14-50145) See

"Snapchat denies it was hacked", Computerworld, 10 October 2014. Users of internet image-board 4chan obtained photos that were stolen from a massive Snapchat database by hackers, and allegedly plan to make a searchable database of the stolen content. Snapchat denies it was hacked, citing malicious third-party apps as the source of any "stolen" photos. (ID: 14-50146) See

"Symantec's board votes to split the company in two", Computerworld, 09 October 2014. Prominent IT security company Symantec decided to split into two independent entities, with one being dedicated to security and the other to information management. Top management cited the fact that both fields require "distinct strategies", so splitting the company will allow each half to better focus on its task. The split will take place over the course of the next year. (ID: 14-50147) See

"Microsoft researchers create a secure haven in the cloud", Computerworld, 09 October 2014. By utilizing two new tools for managing private memory and "sandboxing" applications in a virtual machine, Microsoft has developed a tool for keeping cloud applications secure. Haven, as it is called, protects applications by using "shielded execution": it acts as a barrier between applications and the computer systems that run them. (ID: 14-50148) See

"Forensic software extracts iPhone data even with iOS 8 encryption", GCN, 08 October 2014. Despite efforts to improve encryption in iOS 8, computer forensics and password recovery firm Passware, Inc. announced that its Passware Kit Forensic tool can acquire "call, messaging and browsing history, photos and videos, contacts and applications" from Apple devices via iCloud, as long as the Apple ID credentials are known. (ID: 14-50149) See

"Cyberattacks trigger talk of 'hacking back'", Washington Post, 09 October 2014. The idea of "hacking back" or "active defense" as a means of thwarting cybercriminals has generally been frowned upon because of its risks and the legal implications of retaliation. With large-scale damage caused by cyber attacks becoming increasingly common, however, some are warming up to the idea. (ID: 14-50150) See

"Paper: Great promise for online voting if security, verification challenges met", FierceGovernmentIT, 08 October 2014. The strict requirements of voting security, accuracy, and anonymity make implementing online voting a challenge, but when successful, online voting can cut costs and increase turnout. Weaknesses in the security of online polling systems have very serious implications, making proper security measures a necessity. (ID: 14-50151) See

"Only top legislators informed of White House computer attack", Reuters, 30 October 2014. After a White House computer network was attacked in early October, only a small group of congressional leaders were initially notified because of the unusually sensitive nature of the attack. This group, known as the "Gang of Eight", normally serves the purpose of keeping Congress informed about "covert actions" by the CIA and other agencies. (ID: 14-50152) See

"Cyber breaches put 18.5 million Californians' data at risk in 2013: report", Reuters, 28 October 2014. 18.5 million Californians had their personal records put at risk by cyber breaches in 2013, a number seven times higher than the previous year, according to a report by the state attorney general. A 28 percent increase in data breaches, as well as the exposure of 7.5 million records from only the largest cyber intrusions, are to blame. (ID: 14-50153) See

"Russia ruled out as culprit in Chase cyber security breach, U.S. officials say", Reuters, 02 October 2014. The FBI and Secret Service announced that Russia has been ruled out as the culprit for the Chase cyber security breach, citing non-state-sponsored cyber-criminals as the most likely culprits. It was initially feared that the attacks were in response to U.S. economic sanctions on Russia. (ID: 14-50154) See

"China says it's hard to resume cyber security talks with U.S.", Reuters, 19 October 2014. Top Chinese diplomat Yang Jiechi told Secretary of State John Kerry that resuming cyber cooperation between China and the U.S. will be difficult because of "mistaken U.S. practices". Claims by Edward Snowden about U.S. hacking of Chinese computer systems, accusations by the U.S. of Chinese hacking of American firms, and other events have brought tensions between the U.S. and China to dangerous levels. (ID: 14-50155) See

"FBI warns U.S. businesses of cyber attacks, blames Beijing", Reuters, 15 October 2014. The U.S. FBI released a hurried notification to U.S. businesses warning of cyber attacks that are believed to be backed by the Chinese government. The document instructs companies to inform authorities if they believe they are victims of attacks, and provides steps that companies should take to mitigate effects of an attack. (ID: 14-50156) See

"Apple Pay Rival and Walmart-backed MCX Hacked, User Emails Snatched", Forbes, 29 October 2014. Merchant Customer Exchange (MCX), an effort between Rite Aid, Sears and Walmart to create a competing product similar to Apple Pay, notified customers that it was hacked and that customer email addresses had been obtained. The emails were from participants in MCX's CurrentC beta test. The CurrentC app is MCX's main product, which is being designed to allow customers to pay at brick-and-mortar stores with their phones. (ID: 14-50157) See

"Data Breach Bulletin: Kmart, POODLE, Oregon Employment Department, UC Davis Health System", Forbes, 17 October 2014. A round-up of some of the most recent high-profile data breaches: Kmart, POODLE, UC Davis Health System, Sausalito Yacht Club. (ID: 14-50158) See

"Accelerating Threats Reset the Goal Lines in Cybersecurity", Security Week, 23 October 2014. The cybersecurity industry finds itself in the reactive role in a continuous game of cat-and-mouse all too often. Paradigm shifts like cloud computing further complicate the issue, so cyber companies will have to rely on "response reinvention" for survival. (ID: 14-50159) See

"Keep Moving, Stay Alive: Your Cyber Strategy is Either Dynamic or It's (Un)Dead", Security Week, 24 October 2014. Active, agile response to cybersecurity threats is necessary for keeping a business free from the many negative effects of security breaches. With scores of large-scale cyber attacks leaving big businesses reeling in the past few years, many are learning this lesson the hard way. (ID: 14-50160) See

"Alleged Russian cyber-criminal charged in 40-count indictment", GSN, 16 October 2014. Russian citizen Roman Valerevich Seleznev was charged by a federal grand jury in Seattle with a 40-count indictment. Seleznev was allegedly involved in stealing, collecting, and selling over 2 million credit card numbers by infecting POS systems. (ID: 14-50161) See

"The Long and Winding Road to Shellshock Recovery", TechNewsWorld, 29 October 2014. The Shellshock bug was thought to be worse than Heartbleed because it allowed the attacker to take control of a system, not just spy on it. Though hacking activity related to Shellshock seems to have tapered off since the initial disclosure, cybercriminals are probing for vulnerabilities in Bash systems, and it is feared that the upcoming holiday season will see a dramatic increase in attacks. (ID: 14-50162) See

"FBI's Comey Argues Against Encryption: Trust Us", TechNewsWorld, 20 October 2014. In a recent speech, FBI director James Comey reiterated his concerns about built-in encryption in mobile devices. It is feared that built-in encryption will hamper the efforts of law enforcement, shielding criminals from legitimate, lawful searches. (ID: 14-50163) See

"Microsoft Patch Blocks Sandworm Tunnels", TechNewsWorld, 17 October 2014. A cyber-gang, dubbed "Sandworm", was found to be exploiting a vulnerability in Windows operating systems, which allowed them to remotely execute code on victim systems. According to iSight Partners, the firm that discovered Sandworm, the group is backed by the Russian government. Since being tracked in 2013, the group has targeted "NATO, government organizations in the Ukraine and Western Europe, a Polish energy firm, a French telecommunications company, and academic organizations in the United States." (ID: 14-50164) See

"New report details Russia's cyber-espionage activities", Homeland Security News Wire, 30 October 2014. Cyber security firm FireEye released a report that accuses the Russian government of hacking into and performing espionage on computer systems in Eastern European countries. FireEye cites the fact that many malware samples were compiled during Moscow and St. Petersburg time zone working hours, and on computers configured to use the Russian language. (ID: 14-50165) See

"New smart key software enhances security for homes, businesses", Homeland Security News Wire, 28 October 2014. Traditional mechanical locks and keys suffer from many security shortcomings. Researchers have designed eLOQ, a software system that aids in creating and managing electronic key systems. E-keys allow for "restricting access to specific locks/areas based on date and time; the ability to view an audit trail held in the keys and locks; and the 'blacklisting' of lost or stolen keys without the time and expense of physically replacing locks." (ID: 14-50166) See

"China steals confidential data on the vulnerabilities of major U.S. dams", Homeland Security News Wire, 24 October 2014. National Weather Service hydrologist Xiafen Chen was arrested and is being charged with theft of U.S. government property; namely, sensitive files on U.S. dams. It is suspected that the crime was state-sponsored, as a data breach of the same system was traced back to the Chinese government in early 2013. (ID: 14-50167) See

"No Security, No Business", PC Mag, 31 October 2014. A poll by HyTrust indicated that the public has a very low tolerance for security breaches and quickly loses faith in companies that have suffered them. Roughly half of the respondents went as far as describing such companies as "criminally negligent". Slacking on security can save businesses time and resources in the short term, but can cause catastrophic results if a breach occurs. (ID: 14-50168) See

"Crazy Spy Software Makes Computers Spill Secrets Over Radio", PC Mag, 30 October 2014. When it comes to computer systems that control critical infrastructure, maintaining an "air gap" with networks is essential for security. The notorious Stuxnet managed to bridge an air gap, but researchers at Ben Gurion University managed to go one step further: their program can transmit data via FM radio waves by modulating signals going through a humble monitor cable. (ID: 14-50169) See

"NIST spells out information-sharing best practices", FCW, 30 October 2014. Information sharing has become increasingly recognized as an essential part of threat management and prevention for businesses and agencies alike. The NIST released the draft of a document that is intended to guide federal agencies and private organizations in the best ways to implement information sharing practices. (ID: 14-50170) See

"USCIS looks to the cloud for E-Verify", FCW, 27 October 2014. After launching E-Verify, a system for employers to determine if their employees are eligible for work in the U.S., the U.S. Citizenship and Immigration Services is looking to move E-Verify's data processing to the cloud. While improving the capabilities of the system, protection of sensitive information like SSNs will be important in the cloud. (ID: 14-50171) See

"New cyber doctrine shows more offense, transparency", 24 October 2014. The Pentagon recently released an uncharacteristically transparent document detailing policy regarding offensive cyber actions. The document argues that, because of the "growing reliance" on the cyber world and the serious implications that actions in cyberspace can have in the real world, cyber offense "requires carefully controlling OCO [offensive cyber operations]". (ID: 14-50172) See

"Is open source really a security concern?", FCW, 23 October 2014. Open source code and applications are known to carry the risk of containing malicious code and security flaws, but advocates of open-source development argue that the strength of open source is its "group approach", which can be more effective than closed source in finding such vulnerabilities. (ID: 14-50173) See

"NIST lays out roadmap for cloud computing", GCN, 27 October 2014. NIST released the result of a three-year effort to speed up the adoption of cloud computing in government: Cloud Computing Technology Roadmap Volumes I and II. The first volume lists ten requirements for "maintain[ing] innovative cloud adoption across government", while the second is more of a "technical reference for those actively working on strategic and tactical cloud computing initiatives". (ID: 14-50174) See

"U.S. government probes medical devices for possible cyber flaws", Reuters, 22 October 2014. The DHS is reportedly investigating about two dozen suspected security threats in medical devices. Though there are no known incidents regarding security flaws in the devices to date, the threat is very serious because of the direct role that the devices, which include "implantable heart devices", play in a patient's health. (ID: 14-50175) See


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.