skip navigation

More signal. Less noise.

Daily briefing.

On Giving Tuesday one glumly observes the predictable rise in online scams. On a happier note, one also notes the pleasant rise in legitimate philanthropic opportunities, many provided by the cyber and tech industries. Give prudently, but do consider giving.

Curesec warns of an Android 4.3 vulnerability that lets attackers remove locks from devices. The currently circulating Windows XP exploit uses sophisticated anti-analysis techniques, a discovery that should motivate even the most hidebound users to abandon the obsolescent OS.

Reports concerning BadBIOS (that elusive Sasquatch of malware) remain uncorroborated, but researchers at Germany's Fraunhofer Institut have published a conceptual framework for a stealthy high-frequency acoustic botnet that does indeed seem a plausible threat to air-gapped networks.

Threatpost reports that Google is investigating a possible denial-of-service problem with Nexus phones.

Sheep Marketplace, an underground successor to SilkRoad, reports the theft of about $6M in Bitcoins, and then shuts itself down. Bitcoin becomes CryptoLocker's preferred ransom currency. Various legitimate apps are bundled with a surreptitious Bitcoin miner. (The tip-off to the miner's existence? It's mentioned in the apps' EULA.)

D-Link releases firmware security patches for older versions of its routers.

BlackBerry continues to resist extinction, and gains sales to European governments wary of surveillance. Deciding it's not worth its while to overcome suspicions of cyber-espionage, Huawei continues its long good-bye to the US market.

IEEE Spectrum assesses D-Wave's quantum computer.

Canada and Japan both consider laws permitting more online surveillance. New Zealand's security services will answer Parliamentary questions about Kiwi cyber operations.


Today's issue includes events affecting Canada, China, European Union, Germany, Honduras, India, Iran, Ireland, Israel, Japan, Netherlands, New Zealand, Pakistan, Russia, South Africa, United Arab Emirates, United Kingdom, United Nations, United States..

Cyber Attacks, Threats, and Vulnerabilities

Beware: Online charity scams on the rise (NBC News) 'Tis the season to be jolly. Unfortunately, 'tis also the season for charity scams

Cloned Facebook accounts hit up friends with spam and money requests (Naked Security) The scam hit a TV news station in the US, with attackers scraping photos from reporters' profiles and using them on bogus accounts taken out under their victims' names. Using those fake accounts, they then milked their targets' friend lists to spam out malicious links

Online clothing store Witchery lets customers view — and edit! — each other's personal information (Naked Security) According to a News Limited report, customers visiting clothing retailer Witchery's mobile website were able to get at the PII of other users via a feature called "track my order." Customers could also view every order currently being processed, not just their own

Flaw in Android 4.3 Can Be Exploited to Remove Device Locks with Rogue Apps (Softpedia) Security researchers from Curesec warn that a vulnerability in Android Jelly Bean (4.3) can be exploited by cybercriminals to remove all device locks, such as PINs, passwords, gestures and face recognition

Free shopping voucher offer leads to phishing (Help Net Security) Cybercriminals have been ramping up their efforts as the year draws to a close, and have initiated hundreds - if not thousands - email spam campaigns, trying every approach possible to get users to part with their personal and financial information, or to install malware

How malware could steal sensitive data from an air–gapped computer — via high frequency sound (Graham Cluley) It sounds like a puzzle worthy of a Sherlock Holmes novel

On Covert Acoustical Mesh Networks in Air (Journal of Communications) Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication

Windows XP/Server 2003 Zero–Day Payload Uses Multiple Anti–Analysis Techniques (TrendLabs Security Intelligence Blog) Several days ago, Microsoft released a security advisory disclosing a new zero-day vulnerability in older versions of Windows. It was reported that it was being abused by a malicious PDF file (TROJ_PIDIEF.GUD) to deliver a backdoor (BKDR_TAVDIG.GUD) onto affected systems in "limited, targeted attacks"

Latest XP Zero Day Renews Calls to Move Off the OS (Threatpost) If your organization needed more incentive to move off Windows XP, a new zero-day vulnerability made public recently may be it

Google Nexus Phones Vulnerable to SMS Denial–of–Service Attack (Threatpost) Google is reportedly looking into a problem with the latest versions of Nexus smartphones that could force the devices to restart, lock or fail to connect to the Internet

TeamSpeak Forum Hacked, Serves Malware (eSecurity Planet) Traffic was redirected to a DotCache exploit kit landing page, according to Malwarebytes

Facebook users warned of leaked Snapchat photos phishing threat (Graham Cluley) Leaked Snapchat photos on FacebookFacebook pages claiming to link to leaked photos distributed via the Snapchat smartphone app can be attempting to steal your passwords, according to one security researcher

Huge quantity of Bitcoins stolen from Sheep Marketplace (Help Net Security) Another week, another huge Bitcoin theft. This time, it's the customers of Tor-based underground market Sheep Marketplace who have been left with empty wallets

Did One of the Silk Road's Successors Just Commit the Perfect Bitcoin Scam? (Motherboard) Yesterday, Sheep Marketplace, an anonymous digital narcotics bazaar that grew popular after the shutdown of the Silk Road, announced that it had been robbed of 5,400 bitcoins—the equivalent of $6 million at current exchange rates—and then promptly shut itself down

Virus thieves making 'millions' in Bitcoin ransoms (The Telegraph) Virus which locks all personal data has begun demanding payment in Bitcoins

Legitimate apps bundled up with secret Bitcoin miner (Help Net Security) As the value of Bitcoin continues to rise, a lot of people are trying to cash in on the craze. Some do it legally, by getting their own machines to perform the calculations required, and others try to make other users' machines do it for them

The FBI TOR Exploit (Infosec Institute) The Tor network is an anonymizing network that allows people to browse the web and access other services without being traced. As part of this network, there is the so-called "darknet," servers accessible only through Tor, which host a variety of services from forums to e-mail

Anonymous hacks and defaces Interpol Honduras and State Police websites against electoral fraud (Hack Read) The online hacktivist group 'Anonymous Honduras' has hacked and defaced 6 high profile Honduras government ministries websites against the alleged fraud in country's presidential elections. Hacked websites belong to Interpol Honduras, two websites of National Police of Honduras, Superintendent of Public Alliance, Honduras, Ministry of Culture and Zolitur Island under Ministry of Tourism

Data Breach at Maricopa Community Colleges Affects 2.4 Million Students, Employees (eSecurity Planet) The exposed data includes employees' Social Security numbers, driver's license numbers and bank account numbers, and students' academic information

90,000 patients' info exposed in hospital malware attack (Help Net Security) Personal information of some 90,000 patients of two Seattle hospitals has been compromised after an employee opened an email attachment that contained malware

URM Says Cyber Attack Has Been Blocked; Credit/Debit Card Use Resumes (KHQ) In a press release issued Monday night, URM Stores said they have put enhanced security measures into place to block the cyber-attack that focused on stealing vital customer information. URM says customers may now resume using credit, debit, EBT, and gift cards in all member stores

Bashmobs: Using Social Media to Organize Disruptive Activity (Cyveillance) As mobile devices and texting became common in the early 2000s, people realized they could be used to encourage a large group to meet in a coordinated manner, particularly in cities, giving rise to the modern phenomenon known as the "flash mob". At first, flash mobs were a fun way for people to organize a choreographed performance or event that to random spectators, appeared to materialize out of thin air

Security Patches, Mitigations, and Software Updates

D–Link patches critical vulnerability in older routers (Help Net Security) D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October

Cyber Trends

Snowden's legacy and the NSA of everything (ZDNet) The revelations of US surveillance have changed everything and nothing about our perception of the internet

How much cyber attacks could cost an average home user (CIOL) The average cost of multimedia files that a user might lose from a device as a result of a cyber attack or other damage is estimated at $418, according to this year's Consumer Security Risks Survey, conducted by B2B International and Kaspersky Lab

Shopping convenience overrides security concerns (Help Net Security) Tripwire announced the results of a survey on mobile security and holiday shopping. The survey was conducted by Dimensional Research and OnePoll from November 18-20, 2013, and evaluated the attitudes of 1,400 consumers in the U.S. and U.K

The Foreign Policy Essay: Erik Gartzke on "Fear and War in Cyberspace" (Lawfare) Cyberwar is all the rage, and with it questions on what new technologies mean for society and—Lawfare specialties—the implications of these changes for surveillance, privacy, intelligence, and the laws of war. However, we may have rushed to explore the trees without looking at the overall forest

FBI details major trends in cyber attacks against SMB's (Trend Micro Simply Security) In my discussions with partners and customers across the globe, I often hear comments and statements that SMB's (Small and Medium-Size Business) aren't a big enough target to be the focus of a cyber attack

Cloud Providers Reveal More Big Data Analytics To Enterprises (Dark Reading) Simpler is better for many companies, but an increasing number of firms want access to more data

Study: 340,000 New Malicious Websites Detected In Past 30 Days (Dark Reading) Creation of new malware, spam, and phishing sites growing at unprecedented rates, report says

Encryption ethics: Are email providers responsible for privacy? (Pando Daily) Ex–National Security Agency (NSA) employee Edward Snowden's various leaks — the most recent being a slide showing that the NSA infected 50,000 of computer networks with remote–controlled spyware — confirm that state intelligence agencies around the world have been collecting and analyzing people's behavior online for years


BlackBerry tells customers that it's not dead—yet (Ars Technica) "We are here to stay," promises CEO John Chen

BlackBerry could benefit from NSA snooping (FierceMobileIT) Apple products losing out among European governments. The scandal around the National Security Agency (NSA) could work to the benefit of Canadian firm BlackBerry, especially among foreign governments

Cyber–security firm Prolexic to be sold for $370 million (Sun-Sentinel) A cyber-security firm in Hollywood is being sold to a Boston-area tech company for $370 million

Scrub–a–dub–dub: Akamai and Prolexic in the tub (Scurosis) They say it is better to be lucky than good. I seem to test that theory on a daily basis. Just yesterday I ranted about the need for multi-layer DoS defenses, mostly by poking at a Prolexic white paper advocating the opposite. I alluded to the reality that most customers wouldn't run all their traffic through a scrubbing center, so they need on-premise defenses as well (so a multi-layer system)

Intel Makes Another Acquisition: Hacker League, A Platform For Hackathons, Is Now A Part Of Mashery (TechCrunch) Intel's acquisition spree continues apace, with the latest being made to augment one of its other recent acquisitions. It is buying Hacker League, a popular platform for managing hackathons, which will be incorporated with the API management company Mashery

Israeli hacking school trains cyber warriors (NDTV) Hadera: Three hooded hackers hunch over their computer screens in the control room at Israel's new state-of-the-art "Cyber Gym", where IT and infrastructure company employees train to defend against cyber-attacks

MongoDB startup hired by Aadhaar got funds from CIA VC arm (The Economic Times) Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI)

Cylance Selected as SINET 16 Innovator (SYS-Con Media) Cylance, Inc., a global provider of disruptive cybersecurity products and services that reinvent the way organizations prevent advanced threats, today announced that it has been selected as a SINET 16 Innovator. Cylance will present its unique approach to advanced threat detection and prevention through use of complex mathematical models during the SINET Showcase 2013

Huawei decides to exit the US market over cyber espionage concerns (TechSpot) Chinese networking and telecommunications equipment provider Huawei is calling it quits in the US. CEO Ren Zhengfei recently told French news site Les Echos that it wasn't worth it for his company to get in the middle of US / China relations and as such, they have decided to exit the US market

Google Brings The Telethon Online With First–Ever "Hangout–a–thon" (TechCrunch) On Tuesday – aka Giving Tuesday - Google will repurpose its video broadcasting service called Google+ Hangouts to help host an online "Hangout-a-thon" that aims to connect those interested in making charitable donations with a worthy cause of their liking

Cisco Employees Line Up to Participate in #GivingTuesday (Cisco Blogs) Forget about fighting crowds on Black Friday and maxing out your credit card on Cyber Monday. Join a movement that matters and kick off the giving season with #GivingTuesday on December 3. Just post or tweet about how you give back on any social media channel and use the hashtag #GivingTuesday

Innovative New Product from CyberPoint Offers Secure and Convenient Coverage for Consumers Operating in Public Spaces (Sacramento Bee) CyberPoint International, LLC, a global provider of cyber security services, solutions, and products, announced today the release of its newest consumer protection product. Code named "T," this innovative new product integrates a powerful network of fibers enabling secure and convenient coverage for consumers operating in public spaces. T comes complete with an easy-to-use alerting system designed to proactively protect consumers from the daily threats they encounter. As the latest addition to CyberPoint's Anti-Malwear line, T also ensures that others know you have a sense of humor. Take a look at T

Products, Services, and Solutions

Etisalat steps into cyber threat debate (Gulf News) Company offers Norton security software to eLife customers in partnership with Symantec

Blue Coat launches advanced threat protection solution in India (CIOL) Blue Coat Content Analysis System with malware analysis blocks known threats, as well as detects and analyzes both zero-day and advanced malware

The Next Big Thing You Missed: This Man Wants to Clean Your Dirty Bitcoin Laundry (Wired) Marco Crispini set out to build a Bitcoin exchange — a place where people could buy and sell the world's most popular digital currency — but then he realized just how difficult that would be

Technologies, Techniques, and Standards

Even in the Quietest Moments… (Internet Storm Center) I recently had a migration from one internet uplink to another to do for a client. As with many organizations, they have about 40% of their workforce at head office, and 60% (and sometimes more) of their workforce operating remotely, so taking the Firewall and especially the VPN services offline is a very big deal. There is no good time to take things down given that their sales force has people in just about every time zone, there are just times that are "less bad" than others

Applied Crypto Hardening (Better Crypto) This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for conguring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age

Kenneth van Wyk: Enjoy your trip, but protect the data you take with you (ComputerWorld) International travel can require some pretty strong security measures if your devices contain sensitive information

Eight tips for more secure mobile shopping (CSO) With the holiday shopping season upon us, users who are shopping using mobile devices need to take the proper steps to protect themselves and sensitive corporate data

Research and Development

D–Wave's Year of Computing Dangerously (IEEE Spectrum) After a year of outside investigation, questions remain about a controversial quantum computer


Standardized tests discriminate against the next Einsteins and Teslas (Quartz) At 16, Albert Einstein wrote his first scientific paper titled "The Investigation of the State of Aether in Magnetic Fields." This was the result of his famous gedanken experiment in which he visually imagined chasing after a light beam. The insights he gained from this thought experiment led to the development of his theory of special relativity

Legislation, Policy, and Regulation

UN: Mass Surveillance Violates Universal Human Rights (Threatpost) The United Nations has joined the growing chorus of people, organizations and activists denouncing government mass surveillance of citizens without cause and says that such programs are a violation of basic human rights

More on the (Alleged) Global Right to Privacy (Lawfare) Over at EJILTalk!, Marko Milanovic has a five-part series considering the possibility of a global right to privacy against government surveillance Milanovic's posts are in part a response to posts by Ben and me, so I thought I would offer just two quick thoughts in response

Proposed Canadian cyber law — anti–bullying or pro–snooping? (Naked Security) Proposed legislation referred to as the "Protecting Canadians from Online Crime Act" is said to be aimed at preventing cyber-bullying, but does this law go too far

Japan's Secrets Bill Turns Journalists Into Terrorists (Bloomberg Opinion) Shinzo Abe owes Xi Jinping a debt of gratitude

EU to Encourage Cooperation on Drones, Cyber Security (Bloomberg) European Union leaders will call for more coordination on cyber security and unmanned aircraft when they meet in Brussels this month, according to a Dec. 2 draft of summit conclusions

Spy agency chiefs to face MPs in public (Dominion Post) New Zealand's top spooks face a barrage of questions from MPs today as Parliament's intelligence and security committee is held in public for the first time

Federal cyber security policy (finally) begins to gel (Baltimore Business Journal) A framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged, writes Steve Charles. Comprehensive cyber security legislation heated up, but never really came to a boil. It will probably stay on the back burner for a while. Yet a framework for the federal government's approach to protecting the nation's critical infrastructure from cyber threats has emerged

NSA employees received talking points for Thanksgiving dinner (Russia Today) If a politically-charged dinnertime debate sidelined your Thanksgiving, don't blame the National Security Agency. New documents have surfaced suggesting the NSA sent their employees home for the holidays with pre-determined talking points

Whistlehackers in the age of surveillance (Yahoo! News) "We're going to have to make some choices as a society," Barack Obama observed back in June

South Africa: Watching the Watchers — the Case for the Moral Superiority of Hackers, Leakers and Citizen Watchdogs (All Africa) Edward Snowden, Chelsea (Bradley) Manning and Julian Assange have all attained legendary status amongst citizens' rights advocates

Litigation, Investigation, and Law Enforcement

Dutch privacy watchdogs: "Google spins an invisible web of our personal data without our consent." (IT ProPortal) Dutch privacy watchdogs have concluded that Google's privacy policy is in breach of the Dutch data protection act

Internet firms ordered to block file–share sites (The Independent) THREE major music companies have been granted orders which will allow internet service providers here to block access to a file-sharing website as part of efforts to prevent "wholesale copyright theft" on "a grand scale"

Man sentenced to probation for cyber attack on Koch Industries (KAKE) A Wisconsin man has been sentenced to two years federal probation and ordered to pay $183,000 in restitution for taking part in a cyber-attack on Koch Industries. The attack was sponsored by the computer hacking group known as Anonymous

700 Domains seized by ICE, Europol and Hong Kong Customs on Cyber Monday (InfoSecurity Magazine) This year's Cyber Monday, traditionally the start of the holiday online shopping season, marked the end of it for more than 700 websites involved in selling counterfeit merchandise – all seized in a joint operation between ICE (297), Europol (393) and Hong Kong Customs (16)

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Anti–Malwear T Giving Tuesday Happy Hour (Baltimore, Maryland, USA, December 3, 2013) In honor of Giving Tuesday, CyberPoint is hosting a happy hour today, Tuesday, December 3, from 4-7pm at James Joyce (616 S. President Street, Baltimore, MD 21202) in Harbor East. If you'd like to join...

Strengthening the NIST Cyber Framework Against Advanced Threats (Washington, DC, USA, December 5, 2013) NIST's Cybersecurity Framework has tremendous value for risk management and defines best practices to block known threats. This discussion will share intelligence about campaigns by sophisticated cyber...

Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, December 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work,...

NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...

U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...

Cyber Training Forum at NGA (Springfield, Virginia, USA, February 4, 2014) The 2014 Cyber Security Training Forum (CSTF) will take place at the NGA East Campus in Springfield, VA. This event is designed to provide education and training to the NGA Workforce, the Intelligence...

Nellis AFB - Technology & Cyber Security Expo (Las Vegas, Nevada, USA, February 26, 2014) For over 12 years, the Armed Forces Communications & Electronics Association (AFCEA) - Las Vegas Chapter and FBC have been co-hosting the Annual Information Technology Expo at Nellis AFB. As was the case...

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, December 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

ACG® New York Cyber Security Investor Conference (New York, New York, December 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security.

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.