Daily briefing.

The FBI warns the US military of the possibility of ISIS attacks against military personnel inside the United States, and strongly advises security and counterintelligence scrubbing of service (and service member) social media accounts.

The chair of the US House Intelligence Committee sees Iranian cyber attacks spiking should nuclear talks with the Islamic Republic break down.

The Sony hack (which the North Koreans decline to disavow, although they don't actually claim credit) prompts another FBI warning, this time to businesses. Reports say the Bureau regards the risk to corporate enterprises as high, and, because of the probability of data destruction, unusually dangerous. (Data corruption is a serious and lingering problem: the US Postal Service, for example, won't be releasing its required annual financial report because it cannot determine whether the hack it sustained this summer altered business data.)

Yesterday's news of apparently successful financial market manipulation remains the subject of analysis and speculation. "FIN4," as FireEye calls the group responsible, used sophisticated spearphishing (backed up by clever manipulation of email filters and warnings) to steal credentials and gain access to information on targeted companies. Most interested in healthcare and pharma, FIN4 sought data material to stock prices, notably merger-and-acquisition information. Observers think this was a criminal as opposed to state-sponsored operation, probably conducted by native or near-native speakers of English based in North America or Western Europe. That FIN4 was current in American investment-banking argot is telling. An interesting case of social engineering: phishing remains very much a threat.

Notes.

Today's issue includes events affecting Bermuda, Brazil, Canada, China, Cuba, European Union, Germany, India, Iran, Iraq, Democratic People's Republic of Korea, Pakistan, Syria, Russia, United Kingdom, United Nations, United States.

The CyberWire will be covering the 2014 SINET Innovation Showcase this week, live tweeting from the National Press Club tomorrow and Thursday, with special issues devoted to the event.

Cyber Attacks, Threats, and Vulnerabilities

ISIS Threat at Home: FBI Warns US Military About Social Media Vulnerabilities (ABC News) The FBI on Sunday issued the strongest warning to date about possible attacks by the ISIS terrorist group against the U.S. military inside the homeland, officials tell ABC News

Iran May Escalate Cyberattacks if Deal on Nukes Falls Through (Dark Matters) House Intelligence Committee chairman Mike Rogers believes that Iran could escalate the number of cyber attacks targeting U.S. critical infrastructure should there be a failure to reach an accord over the nation's controversial nuclear program

Hackers Using Lingo of Wall St. Breach Health Care Companies' Email (New York Times) For more than a year, a group of cybercriminals has been pilfering email correspondence from more than 100 organizations — most of them publicly traded health care or pharmaceutical companies — apparently in pursuit of information significant enough to affect global financial markets

FireEye Report Identifies Highly-Sophisticated Cyber Threat Group Aiming to Cheat Wall Street (FireEye) FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today released a comprehensive intelligence report that assesses that a financially motivated advanced threat group has been carrying out ongoing attacks against publicly traded companies in a likely attempt to play the stock market

Hackers Targeted Companies' Merger Talks (Wall Street Journal) Computer-security firm says health-care, pharmaceutical firms in hackers' cross-hairs

Did Hackers Gain an Edge on Wall Street? (Wall Street Journal) Computer-security firm FireEye has told the Federal Bureau of Investigation that a group of cyberthieves may be attempting to gain an edge on Wall Street by targeting chief financial officers, advisory firms and others involved in mergers, acquisitions and other market-moving events

Sony Pictures hacking: North Korea cryptic over cyber leak (International Business Times) North Korea has refused to deny that it was involved with the large scale hacking of Sony Pictures that led to at least five new movies being shared online illegally

FBI Warns US Firms of Destructive Malware Attacks (Infosecurity Magazine) The FBI has been forced to issue a confidential flash warning to US firms claiming they are at risk of a new destructive malware campaign designed to wipe corporate data, in a move which may have been presaged by the attack on Sony Pictures last week

10 deadliest differences of state-sponsored attacks (CSO) There are some key differences about attacks that originate with foreign governments, and ignoring these differences could prove deadly

Cyber criminals target telcos in India, other nations with Regin (Economic Times) Cyber criminals are using a new malware — Regin — to penetrate and monitor GSM networks in India and other countries including Pakistan, Brazil, Germany and Russia, security researchers have said

Spies listening to Island's communications (Royal Gazette) Bermuda's undersea communications cables are monitored by UK and US security services, according to documents leaked by former National Security Agency (NSA) contractor Edward Snowden

Postal Service has no Annual Financial Statement Because of Hack (Nextgov) The U.S. Postal Service is not filing its required yearly financial report because management does not know if business data was altered during a recent data breach, USPS officials said

XSS Vulnerability Found in Alcatel-Lucent Carrier-Grade Switches (SecurityWeek) A reflected cross-site scripting (XSS) vulnerability has been identified in the management interface of the Alcatel-Lucent 1830 Photonic Service Switch, but the vendor doesn't plan on fixing it any time soon

Why is Facebook Flaw Still Unpatched? (GovInfoSecurity) Researcher paid a bounty, but exploit remains

Browser fingerprints — the invisible cookies you can't delete (Naked Security) Dear reader, it seems that you are causing headaches in dark corners of the web

Dridex Phishing Campaign uses Malicious Word Documents (Internet Storm Center) During the past few months, Botnet-based campaigns have sent waves of phishing emails associated with Dridex. Today, we'll examine a wave that occurred approximately 3 weeks ago. The emails contained malicious Word documents, and with macros enabled, these documents infected Windows computers with Dridex malware

Tens of thousands web servers backdoored via pirated CMS themes and plug-ins (Help Net Security) Over 23,000 websites set up with the help of Joomla, WordPress and Drupal content management systems have been compromised and used for illegal search engine optimization by an attacker who managed to social-engineer site administrators to install a backdoor on their servers

Operation DeathClick (Infosec Institute) The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising — a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation death click" displays a new form of cyber-attack focused on specific targets. The attack is also defined as micro targeted malvertising. In this newly targeted variation of malvertising, the hackers are attacking their victims using micro targeting techniques and real time bidding — a recent technology that helps to post ads based on user interests

Point-of-Sale systems breached at major US parking garage operator (Naked Security) Been swiping your payment card to pay for parking in the US?

Cyber Attack Monday in City of Fort Lauderdale (Fort Lauderdale Sun-Sentinel) Cyber Monday became Cyber Attack Monday as the hacker group Anonymous made good on a threat to crash the city's website because of recent laws the city has passed regulating homeless behavior

'Cyber Attack' Means No Digital Access to Supervisors' Agendas (Lost Coast Outpost) If you're someone who checks Humboldt County Board of Supervisors agendas Monday nights to decide whether or not to attend the Tuesday meetings, well, first of all, that's kinda weird, but secondly, we have bad news. The company that makes those agendas available online "was hit by a cyber attack today," according to the county, so the agenda for tomorrow's meeting is not available through the Internet tubes

Cheapest tablets pose biggest security risks (CSO) The super-cheap Android tablets everyone bought on Black Friday and Cyber Monday could pose problems for enterprises when they arrive at the workplace after the holidays

Yahoo Mail bounces back after 11 days of downtime (Inquirer) But service unlikely to have many users left

The hackers' bounty — how much do cybercriminals make from innocent users? (BizTechAfrica) Cybercriminals could be raking in profits twenty times greater than the cost of their attacks, according to figures compiled by Kaspersky Lab experts

The 10 Biggest Bank Card Hacks (Wired) The holiday buying season is upon us once again. Another event that has arrived along with the buying season is the season of big box retailer data breaches

8 holiday scams and mistakes to avoid (CSO) You're not the only one feeling merry and bright this holiday season — so are the criminals! This time of year provides them with plenty of opportunities for Scrooge-worthy scams. Here's how to ensure all they'll get is coal in their stocking

Security Patches, Mitigations, and Software Updates

Firefox releases version 34 with SSLv3 fixes, Firefox Hello (ZDNet) Mozilla has disabled SSLv3 support and added Firefox Hello to its latest version of Firefox

OpenVPN Versions Released Since 2005 Affected by DoS Flaw (SecurityWeek) The developers of OpenVPN have released a new version of the open-source virtual private network software to address a critical denial-of-service (DoS) vulnerability that can be exploited to cause servers to crash

Cyber Trends

Experian Data Breach Resolution Releases Its Second Annual Data Breach Industry Forecast (The Street) Preventing and managing data breaches have become two of the highest priorities facing businesses today. To help executives plan ahead, Experian Data Breach Resolution announces the release of its second annual Data Breach Industry Forecast, a white paper outlining key issues and trends to watch for in 2015

The persistent threat of data breaches (Help Net Security) Preventing and managing data breaches have become two of the highest priorities facing businesses today. Many evolving factors such as new threats, regulatory changes and technological advances make the data breach landscape difficult to navigate

Data Management: Brace for the Breach (Medical Marketing and Media) The specter of a massive hack is haunting the healthcare industry. As it turns out, that might not necessarily be a bad thing for everyone involved

Data loss and downtime costs enterprises $1.7 trillion (Help Net Security) Data loss and downtime cost enterprises $1.7 trillion in the last twelve months, or the equivalent of nearly 50% of Germany's GDP. Data loss is up by 400% since 2012 while, surprisingly, 71% of organizations are still not fully confident in their ability to recover after a disruption, according to EMC Corporation

Companies Struggle to Monitor for Security Threats (IT Business Edge) Where does your business stand on security readiness?

Cyber attacks impact purchasing behavior (Help Net Security) As U.S. consumers head to malls and retail websites this holiday season, they do so increasingly concerned about the safety and security of their personal information. In fact, according to KPMG, more than half of consumers are either unsure or not confident at all in the security of their personal information when shopping both in-store (58 percent) and online (63 percent)

Marketplace

Hewlett-Packard Company (HPQ)'s Only Hope is A Miracle Acquisition: Daniel Ives (Insider Monkey) Hewlett-Packard Company (NYSE:HPQ)'s CEO Margaret Whitman promised the company's investors that she is going to turn her company around with moves that perhaps do not have a parallel

The KEYW Holding Corporation (KEYW) Drops 5.18% on December 01 (Equities) The KEYW Holding Corporation (KEYW) was one of the Russell 2000's biggest losers for Monday December 01 as the stock slid 5.18% to $10.25, a loss of $-0.56 per share. Starting at an opening price of $10.75 a share, the stock traded between $10.25 and $10.91 over the course of the trading day. Volume was 202,788 shares over 1,742 trades, against an average daily volume of 302,449 shares and a total float of 37.59 million

Intel acquires digital identity manager PasswordBox (Help Net Security) Intel acquired PasswordBox, a provider of a cross-platform identity management service that gives users a way to log into all of their websites and applications from any device without having to type or remember passwords

German government says "ja" to BlackBerry's acquisition of Secusmart (Ars Technica) To get approval to buy Düsseldorf firm, BlackBerry had to sign "no-spy" deal

Raytheon establishes UK Cyber Innovation Centre (CNN Money) New cyber research, development and testing centre brings jobs to UK and extends the reach of Raytheon's network of cyber centres

ForeScout widens net for enterprise push (Channel Pro) ForeScout looks to recruit well known SIs and VARs in "aggressive" large enterprise push

Senate Explores Outsourcing Security Services (InformationWeek) The US Senate might outsource core cyber security support to a managed security service. Candidate tasks include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research

Former Sourcefire CFO Todd Headley Joins LogRhythm's Board of Directors (BusinessWire) Security industry leader to help guide LogRhythm's rapid growth

Products, Services, and Solutions

WatchGuard launches next-gen firewalls (Trade Arabia) WatchGuard Technologies, a leader in multi-function firewalls, has launched next-generation firewall (NGFW) and unified threat management (UTM) appliances specifically engineered for mid-size and distributed enterprises

TrustPipe's Breakthrough Marker-Based Security Technology Helps Make Computers and Devices Virtually Hack-Proof (Broadway World) After two years of testing in real-world deployments and at West Coast Labs, digital security vendor TrustPipe emerged from stealth mode today to introduce its breakthrough, marker-based security technology — offering a superior alternative to signature- and heuristic-based security, and helping to make computers and other devices virtually hack-proof

Susan Davis International Launches Cyber Risk Communications Practice (Fort Mill Times) Noted cyber security expert Frank Cilluffo to lead high profile team serving corporate boards and C Suite

CuckooAutoInstall — Auto Installer Script for Cuckoo Sandbox (Kitploit) What is Cuckoo Sandbox? In three words, Cuckoo Sandbox is a malware analysis system

SANS to host advanced InfoSec training in Dubai (Trade Arabia) A leading InfoSec training event is set to offer three intensive training courses on hacker techniques, web app penetration testing and reverse-engineering of malware in Dubai, UAE next month

Technologies, Techniques, and Standards

NSA Opens Up Data Automation Software For Public Use (Forbes) The Apache Software Foundation (ASF) has worked with the National Security Agency (NSA) on the release of Niagarafiles (or Nifi, to the initiated) technology designed to "automate data flows" among multiple computer networks. The software is free and open source (so is available to the public) through the Apache Software Foundation. But why is automating data flows important?

Researcher Releases Database of Known-Good ICS and SCADA Files (Threatpost) A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones

Bitcrypt: Encrypted Messages in the Blockchain (Cryptocoins News) The Bitcoin blockchain has been the scene of quite a bit of innovation beyond its currency application. There are passports, applications for fiat currency banking, and there is even talk of artificial intelligence based on the technology

5 Tips for Fighting Email Security Threats (eSecurity Planet) Email is one of a hacker's favorite tools, so companies must be smart about thwarting email-generated cyber attacks

Do you create stupid users? (CSO) Most security awareness failings are actually failings of security programs

Design and Innovation

Breaking the Code: The Role of Visualization in Security Research (Dark Reading) In today's interconnected, data rich IT environments, passive inspection of information is not enough

Research and Development

Cybersecurity concept for unmanned systems (Help Net Security) The University of Virginia School of Engineering and Applied Science Department of Systems and Information Engineering announced the success of an early-stage demonstration to improve defenses for unmanned aerial vehicles against cyber attacks. U.Va.'s System-Aware Cybersecurity concept and Secure Sentinel technology were tested in collaboration with Georgia Tech Research Institute through a series of live flight cyber-attack scenarios

Legislation, Policy, and Regulation

UN Committee Adopts Resolution on Right to Privacy in the Digital Age (Council on Foreign Relations) On November 25, 2014, the third committee of the UN General Assembly adopted a resolution that calls on states to "respect and protect the right to privacy" in the digital age. The resolution is the follow-up to a very similar motion that Germany and Brazil sponsored last year in response to the Snowden revelations. Germany and Brazil led the adoption of this year's resolution and secured over thirty-five cosponsors including Cuba and Russia, countries not necessarily known as beacons of online privacy

EU panel says 'right to be forgotten' should be worldwide right (FierceBigData) Google is under fire again with Europe at the trigger. The European Union issued new guidelines to extend the 'right to be forgotten' privacy protection for European citizens beyond European search sites. This clarification aims to push Google and other search engines to take down links across all their sites and services, without exception

Leahy, Cornyn Oppose CIA-Proposed Email Retention Regime (Roll Call) Two senior senators came out strongly Monday against a CIA plan to purge most of its email

Computers and a need for defense (Lompoc Record) As folks in the Northeast were shoveling their way out of 7 feet of snow — a month before winter's official start — and while politicians in Washington sniveled about Obamacare and immigration, the chief of America's intelligence community explained how foreign hackers could take out the U.S. electric power grid

DNI Clapper Establishes the National Counterintelligence and Security Center (Office of the Director of National Intelligence) Director of National Intelligence James R. Clapper announced today the establishment of the National Counterintelligence and Security Center. National Counterintelligence Executive William "Bill" Evanina will assume the additional role as the NCSC Director

Editorial: A full-time cyberdefense (Albany Times Union) The Issue: New York's U.S. senators want to enlist the National Guard in defense against cyber attacks. The Stakes: The threat is legitimate, but ensuring cyber security is a full-time job

The president seems ready to make big concessions to a company that can't be said to be suffering without them (ComputerWorld)

How the Pentagon plans to bolster cloud security (FCW) The latest installment in the Defense Department's quest to find the right blend of security and affordability in the commercial cloud came in the form of a report released by the DOD CIO's office. The report offers "cradle-to-grave" guidance for commercial cloud providers and DOD customers, acting DOD CIO Terry Halvorsen wrote in a prefacing memo

Commerce takes bigger oversight role in its bureaus' cybersecurity (Federal News Radio) For the first time ever, the Commerce Department is building a real-time view of its overall cybersecurity posture. And with that information, it's taking on a greater oversight role over the 14 different agencies within its purview

U.S. Justice Department names new counterespionage chief (Reuters) The U.S. Department of Justice has named an experienced former federal prosecutor to oversee its counterespionage efforts, part of a broad restructuring of the national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands

Litigation, Investigation, and Law Enforcement

Feds want Apple's help to defeat encrypted phones, new legal case shows (Ars Technica) Prosecutors invoke 18th-century All Writs Act to get around thorny problem

The Supreme Court is about to tackle online threats for the first time (The Verge) A case about violent Facebook posts could change how internet speech is prosecuted

'Counterfeit' domains seized by Europol (BBC) Police forces across Europe have seized 292 web domains that were being used to sell counterfeit goods, according to Europol

Cricket to pay feds $2.1M after allegations it charged too much for wiretaps (Ars Technica) Case also settles accusations that AT&T subsidiary overbilled for pen registers

Airport busts for 118 credit card fraudsters (Naked Security) A global operation to tackle online fraud led to 118 arrests across 80 airports last week, Europol has revealed

Sandia scientist gets prison term for taking DOE laptop to China (Federal Times) A former scientist at Sandia National Laboratories in New Mexico was sentenced Monday to one year and one day in prison after pleading 'guilty' to bringing restricted government equipment along on a trip to China

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, December 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood...

After the Breach: 1st Annual DePaul University Cyber-Risk Conference (Chicago, Illinois, USA, December 2, 2014) DePaul University's Arditti Center for Risk Management, Center for Financial Services, and the College of Computing and Digital Media are proud to collaborate with Sapient Global Markets as moderators...

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...

Cyber Security Division 2014 R&D Showcase and Technical Workshop (Washington, DC, USA, December 16 - 18, 2014) The cybersecurity threat continues to evolve and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. DHS S&T's Cyber Security Division (CSD) is funding many R&D...

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
