
Daily briefing.

Anonymous hacktivists, exercised by Russian troop movements in the vicinity of Ukraine, announce Operation Ukraine (#OpIndependence) and threaten a cyber riot against any country (and they're looking at you, Russia) that would undermine Ukrainian stability and independence.

CryptoLocker continues its creepy spread through the United Kingdom, with vectors now masquerading as Royal Mail communications. The ransomware is enjoying surprising success: a University of Kent study suggests forty percent of British CryptoLocker victims are paying up.

Bogus "payment certificate" notifications carry a cross-platform Java remote access Trojan (JRAT) to targets in the UK and the UAE.

"Gameover," current darling of the ZeuS Trojan family, gets an unwelcome upgrade in the form of a kernel-mode rootkit.

SpyEye and Tilon banking malware are found to be the work of the same author (or team of authors).

The energy sector continues to mull its difficulties obtaining cyber insurance. Vulnerabilities in that sector seem, a study published by Rice University suggests, particularly well-placed to spread risk to defense establishment targets. Energy companies are advised to take a hard look at cyber risk and give the recently released NIST cyber framework close attention.

Where, an editorialist wonders on the hundredth anniversary of sea power theorist Alfred Mahan's death, is Mahan's cyber power counterpart?

Bitcoin exchange Mt. Gox has filed for bankruptcy amid reports it's lost coins worth $473 million, but competing exchanges (and their clients) aren't giving up on the cryptocurrency.

Security researchers outline ten crypto transparency principles in an open letter to the tech industry.


Today's issue includes events affecting Australia, Canada, China, Germany, Israel, Japan, Republic of Korea, Russia, Switzerland, Taiwan, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.

Dateline RSA Conference 2014

A walk through the RSA Conference 2014 expo, part 3 (Help Net Security) The conference is slowly winding down, but companies are still here and actively sharing their vision of security to the dedicated infosec pros. Here's another look at the show floor

RSA Cybersecurity Conference Sees Record Attendance (Top Tech News) The large hall of Moscone Center in San Francisco, site of the RSA Conference 2014 this week, was filled with vendors hawking new technologies to thwart malware makers, hackers, identity thieves and other online miscreants. Automated threat warning and incident response were big themes this year

Podcast: RSA Wrap-Up — Day 2 (Threatpost) Dennis Fisher and Mike Mimoso run down the news from day two of the RSA Conference, including the new FBI director's speech and preview Trusty Con

[TrustyCon] RSA rebel conference TrustyCon sells out despite 'dirty tricks' (The Register) Raises $20,000 for EFF, and support for some in security industry

[TrustyCon] EMC, RSA, NSA, @TrustyCon, and "dirty tricks" (ComputerWorld) The RSA (NYSE:EMC) Conference was boycotted yesterday by TrustyCon attendees. A range of speakers criticized the company's alleged cosy links with the NSA, arguing that the industry badly needs a huge dose of trustworthiness

[TrustyCon] Lavabit Case May Be One of Many in Coming Years (Threatpost) The Lavabit case, which saw the secure email provider's owner shut the company down after being forced to hand over to the government the encryption key that protected his users' data, may seem like an extreme reaction to a unique situation. But, experts say it's likely that there will be similar situations in the near future, and technology providers and users should change the way they think about what the threats to their data may be

[TrustyCon] Fixing Trust Through Certificate Transparency (Threatpost) The security of data being transmitted over the Web relies on a large number of moving parts, from the integrity of the machine sending the data, to the security of the browser, to the implementation of encryption, to the fragility of the certificate authority system. Experts have been spending the best part of the last decade trying to address many of these issues, but there are still a number of hard problems to solve

[TrustyCon] Are Automated Update Services the Next Surveillance Frontier? (Threatpost) As more Web-based services are encrypted, privacy advocates are concerned the next wave of aggressive surveillance activity could target automated update services that essentially provide Internet companies root access to machines

Surveillance allegations leave cyber security industry divided (Financial Times) The cyber security industry's annual conference was split in two this week after RSA was accused of co-operating with the US National Security Agency's mass surveillance programme

NSA Too Focused On Perimeter Defense, Clarke Says (InformationWeek) The Former White House cybersecurity adviser says the NSA's focus on perimeter security made it vulnerable to insider Edward Snowden

Hackers get better, while IT security falls further behind, says Verizon (FierceITSecurity) Hackers are getting better at what they do while the security community is not keeping up, according to preliminary results from the Verizon 2014 Data Breach Investigation Report released this week at the RSA Conference

RSA: Enterprise Security's Sucker Punch (eSecurity Planet) Addressing RSA attendees, IDC analysts detail outlook for the current and future IT security landscape. At IDC's annual analyst breakfast meeting at the RSA conference here, analysts discussed the mindset of IT executives toward security, which one analyst described as "My Eyes Glaze Over"

CISOs who fail to plan for breaches before they occur might need to look for another career, says panel (FierceITSecurity) Chief information security officers who fail to plan for data breaches and other security incidents before they occur will not be CISOs for long. That was the conclusion of a panel of CISOs and other IT security experts at the RSA Conference being held here this week

Cloud security concerns are overblown, experts say (Computer World) RSA panel compares enterprise fears of cloud security to early, now eased, concerns about virtualization technology

44% of companies don't have a cloud app policy in place (Help Net Security) After interviewing 120 RSA Conference attendees, Netskope announced the results of the survey on information security professionals' use of cloud apps

IBM Software Vulnerabilities Spiked In 2013 (InformationWeek) Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds

Stealthy attacks multiply and victims turn to spooks-as-a-service (IT World) As the list of victims of sophisticated cyber attacks expands, so does the need for high-priced talent to help investigate and recover from those attacks. The latest solution: hosted services offering access to cyber intelligence and incident response to customers who lack it

Big Data A Big Focus Of Security Analytics Products (Dark Reading) At the RSA Conference this week, vendors pitched big the importance of properly leveraging big data to improve security

Smartphone app for RSA security conference puts users at risk, researchers say (Ars Technica) The firm said to put an NSA-developed backdoor into its code has more problems

Security firm discloses Apple iOS "malicious profile" vulnerability impact on MDM (CSO) At the RSA Conference today, security start-up Skycure plans to disclose a vulnerability in Apple iOS devices that can impact mobile-device management (MDM) systems running on them

DB Networks Wins Multiple 2014 Info Security Products Guide Global Excellence Awards and Grand Trophy for Contributions to IT Security (Broadway World) DB Networks, an innovator of behavioral analysis in database security, today announced that Info Security Products Guide, the industry's leading information security research and advisory guide, has named the DB Networks IDS-6300 as a winner of the 2014 Global Excellence Awards in the following five awards categories

OPSWAT Releases GEARS for Advanced Threat Detection and Endpoint Compliance (Digital Journal) OPSWAT today announced the official release of GEARS, a cloud-based solution that provides IT and security professionals with advanced threat detection and compliance enforcement for both remote users and managed devices

Intelligent Cybersecurity for the Real World (Cisco Blogs) Security trends and innovation are in the spotlight this week at the annual RSA Conference in San Francisco. With the rapidly expanding attack surface and increasingly sophisticated attackers, the event is a must for insights on how the industry can meet this pace of change, evolve and defend against advanced threats. Solving our customers' toughest security challenges is our number one priority…For starters, we're delivering new product innovation by adding Advanced Malware Protection (AMP) to our Web and Email Security Appliances and Cloud Web Security. We are calling this "AMP Everywhere"

Encryption key management system gains award at RSA (Pro Security Zone) Thales KeyAuthority gains InfoSecurity product accolade as the best encryption product as part of global excellence awards

Webroot delivers APT protection for enterprises (Help Net Security) Webroot announced the release of BrightCloud Security Services and BreachLogic Endpoint Agent, two cloud-based security offerings designed to help enterprises address the explosive growth and increasing sophistication of online threats, particularly targeted attacks such as "spearphishing" and advanced persistent threats (APTs)

Android, iOS solution reveals data-leaking apps (Help Net Security) Your mobile device knows everything about you. But how well do you know your mobile device? Beginning today, savvy consumers can truly take control of their personal information on their devices — by installing viaProtect from viaForensics

TraceSecurity Enhances TraceCSO To Simplify IT GRC Management (Dark Reading) Customers will see improvements in key features, new functionality, and other enhanced performance metrics

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Declares Cyberwar on Countries Found Disturbing Peace in Ukraine (HackRead) The online Anonymous Hacktivist has released a video message in which it has declared cyberwar on countries and organizations, posing a threat to freedom and independence of Ukraine. The operation has been named as "Operation Ukraine" (#OpIndependence). A 4:37 minute video message highlights several aspects of Ukrainian crisis such as international interference and divided mindset

CryptoLocker Now Comes In The Mail (SecurityWatch) Earlier this month Brian and I both wrote about ransomware and the threat it poses to both business and individual computer users. Now, if further evidence is needed of how the problem continues to grow, it appears that there is a large run of CryptoLockered-emails appearing, purporting to have come from Royal Mail

Two in five Brits cough up for CryptoLocker ransomware's demands (The Register) Cowed victims hand over thousands rather than install basic security measures

Fake "Payment Certificate" Notifications Used to Deliver Cross-Platform RAT (Softpedia) Experts warn that individuals in the United Kingdom and the United Arab Emirates are being targeted in a spam campaign that's designed to distribute the Java remote access Trojan (RAT) dubbed JRAT

Notorious "Gameover" malware gets itself a kernel-mode rootkit… (Naked Security) Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We've covered it as plain old Zbot. We've covered the Citadel variant, which appeared when the original Zbot code was leaked online. We've even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different strain of malware. Currently, the most widespread Zbot derivative is the Gameover bot, also known as Zeus P2P because of its use of peer-to-peer network connectivity for command and control

ZeuS Downloader Runs in January, Crashes the Rest of the Year (TrendLabs Security Intelligence Blog) A few weeks ago, we received a rather unusual malicious attachment, which we detect as TROJ_UPATRE.SMAI. This particular attachment, when uncompressed and executed, displays the following error message

Phishing Alert: Hotmail Customers Have Been Upgraded to (Softpedia) Cybercriminals are trying to trick Hotmail users into handing over their credentials with fake emails that purport to come from "The Microsoft account team"

How emails can be used to track your location and how to stop it (Naked Security) A new, free Google Chrome browser extension called Streak lets email senders using Google accounts see when recipients open email

SpyEye and Tilon banking malware have the same author(s) (Help Net Security) When first discovered by Trusteer in 2012, the Tilon banking malware received its name because of some similarities with the Silon banking Trojan

Preying On A Predator (Dark Reading) Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals

Businesses told to lockdown Bitcoin wallets against malware threat (CSO Salted Hash) Malware designed to steal digital currency from Windows PCs has risen with Bitcoin value since beginning of last year, says study

Alaska Communications Acknowledges Data Breach (eSecurity Planet) Current and former employees' names, addresses, birthdates and Social Security numbers may have been accessed

Lost USB Drive Exposes Hong Kong Hospital Patients' Data (eSecurity Planet) The unencrypted drive contained 92 patients' personal information, along with data on drug prescriptions

Security Patches, Mitigations, and Software Updates

About the security content of QuickTime 7.7.5 (Apple Support) This document describes the security content of QuickTime 7.7.5

Cyber Trends

Action is needed as snooping becomes world phenomenon (The National) We are living in a golden age of phone tapping. All over the world, there are headlines about snooping, both legal and illegal, and how to protect yourself from it

Wake-up call over cyber insurance (Professional Security Magazine) Power companies are reportedly being refused insurance for cyber attacks, despite a rise in demand

Why Co-ops Should Take Note of Cyber Framework ( The Obama administration's voluntary framework for cyber security, finalized after significant collaboration with the private sector, should be studied by all electric cooperatives

Hacks on Gas: Energy, Cybersecurity, and U.S. Defense (James A. Baker III Institute for Public Policy, Rice University) Cybersecurity in the energy sector can trace its start to an account (that may or may not be true) about U.S. involvement in a computer-based attack on the energy infrastructure of the Soviet Union during the Cold War. Elements of the incident are described in the memoir of Thomas C. Reed, an official in the administration of President Ronald Reagan and a former National Reconnaissance Office director

Ethical hacking field grows as companies fear hackers (Canadian Press via Global News) John Zabiuk disassembled his parents' TV at age six, taught himself computer programming as a teen and, as a post-secondary student, hacked into his school's system on a lark

America is the prime target of international cyberattacks (Quartz) The United States has been cyberattacked by governments and criminal organizations a lot more than any other country. At least that's the conclusion of a study released this morning of 40,000 online attacks against customers of the cyber-forensics company FireEye

Canadians confident, concerned about cyber attacks: Study (IT World Canada) Leaders of Canadian organizations are more confident than American, British and Australian they can beat back targeted Internet attacks, according to a new survey

Third-party programs responsible for 76% of vulnerabilities in popular software (Help Net Security) Third-party programs are responsible for 76% of the vulnerabilities discovered in the 50 most popular programs in 2013, say the results of Secunia's Vulnerability Review 2014, which is based on a sampling of the company's seven million PSI users

5 Reasons Security Certifications Matter (Dark Reading) There's a lot of buzz around how certs aren't important. I'm calling BS, and here's why

Wanted: A Mahan for Cyberspace (Real Clear Defense) This year marks an important but likely overlooked anniversary — 100 years since the death of Alfred Thayer Mahan. A notable military officer and scholar, Mahan revolutionized military strategy and security policy with his 1890 book The Influence of Sea Power Upon History


Al Kinney: HP to Help DHS Acquire Security Software for Cyber Defense (GovConWire) Hewlett-Packard (NYSE: HPQ) will provide licenses for two application security products to 33 U.S. government civilian organizations under a Department of Homeland Security-run cyber defense program

Carlo Zaffanella: General Dynamics Aims to Centralize TSA Screening Tech (GovConWire) General Dynamics Advanced Information Systems (NYSE: GD) will work with the Transportation Security Administration to integrate security equipment with enterprise services under an $8.2 million task order

Commtouch Completes Name Change To CYREN (Dark Reading) Company adopted new name as part of transformation into provider of cloud-based information security solutions

Mt. Gox loses customers' bitcoins, files for bankruptcy (MarketWatch) Missing bitcoins have market value of $473 million

Leaked: Just before Bitcoin catastrophe, MtGox dreamed of riches (Ars Technica) The exchange site also said it would need "influential lobbyists" going forward

The Future of Bitcoin After the Mt. Gox Incident (SecureList) No doubt it's been a crazy week for anyone even remotely interested in Bitcoin. Mt. Gox, once the largest Bitcoin marketplace out there, has shut down, putting a bitter end to an almost month-long situation in which all withdrawals were halted because of "technical issues"

The Future of Bitcoin Exchanges: Comments From a Mt. Gox Competitor (IEEE Spectrum) Mt. Gox, the Japan-based exchange which until recently handled the majority of trades between Bitcoin and fiat currencies, went offline this Tuesday, hours after the media got its hands on a document (supposedly leaked from within Mt. Gox) that described the company as insolvent and preparing for bankruptcy. Panic quickly spread among traders many of whom are still waiting for reimbursement from the exchange

Pentagon wants contractor to pick propaganda audiences (USA Today) Military officials are moving ahead with a plan to pick potential target audiences for U.S. propaganda and see if the messages work, according to a newly released Pentagon document

Bloomberg clamps down with data-access policies after scandal (CSO) The financial data and news company develops in-house access controls after controversy over journalists seeing client information

Products, Services, and Solutions

KoolSpan and Trustonic Announce Global Partnership; Introduce Secure Voice and Data Solutions Built on TEE Enhanced Smart Devices at Mobile World Congress 2014 (Digital Journal) KoolSpan, Inc. announced today at Mobile World Congress (MWC) in Barcelona, Spain, a strategic partnership to enable KoolSpan's TrustCall® secure voice communication with the Trustonic™-based Trusted Execution Environment (TEE)

Procera Networks and Qwilt Partner to Launch Online Video Delivery and Analytics Solution for Network Operators (CEN) Enables seamless delivery and management of OTT video traffic, improved subscriber QoE and network insights

Jericho Systems Technology Used to Demonstrate Attribute Based Access Control (ABAC) for the Department of Homeland Security (Broadway World) Jericho Systems Corporation, the pioneer in externalized authorization software for enterprise environments, announced that its technology was successfully used to demonstrate dynamic access control and Attribute Based Access Control (ABAC) to members of the Department of Homeland Security (DHS) and U.S. Congressional staffers

M2Mi to Participate in the Software Assurance Program from the Department of Homeland Security (PRWeb) Machine-to-Machine Intelligence (M2Mi) Corporation today announced its intention to further enhance the resilience and security of the M2M Intelligence® platform by utilizing software assurance tools and resources as part of the Software Assurance program hosted by the Department of Homeland Security (DHS)

Enterprise-level UTM for home and small offices (Help Net Security) WatchGuard Technologies announced the WatchGuard Firebox T10 Unified Threat Management (UTM) solution, a network security appliance that allows enterprises to extend powerful network security to small office home office (SOHO) environments

Catbird Partners With Trapezoid (Dark Reading) Combined solution will leverage Trapezoid Marker to meet 24 FISMA controls

Technologies, Techniques, and Standards

Security researchers urge tech companies to explain their cryptographic choices (CSO) Researchers signed an open letter outlining 10 transparency principles for companies to regain user trust following surveillance revelations

After Target: Fighting fraud from the hackers' perspective (CBS News) When a client phones up security incident response management firm Mandiant, senior services consultant Jason Rebholz says, "it's already too late; something's already happened"

Surprise: There's really no need to conceal your email address from spammers (Quartz) A few months ago, I did the unthinkable: I posted my email address on the internet

DDoS and BCP 38 (Internet Storm Center) Quite often on many lists we will hear the term Best Current Practice (BCP) 38 bandied about and further recommendations to implement (See NANOG Mailing list archive). Some will say 'it will aid in DDoS mitigation' and even others will even state 'All Internet Service Providers (ISP) should implement this.' Now before the philosophical discussions ensue in the comments, it might be a good idea to discuss, technically, what it is? And perhaps what it can do

Cybersecurity in the Golden State (Office of the Attorney General, State of California) California is at the center of the digital revolution that is changing the world. Because of work done by companies right here in our home state, we are more connected — and empowered — than ever before. But we are also increasingly vulnerable

OpenID Foundation launches the OpenID Connect Standard (Help Net Security) The OpenID Foundation announced today that its membership has ratified the OpenID Connect standard


Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices (Privacy Technical Assistance Center, US Department of Education) The U.S. Department of Education established the Privacy Technical Assistance Center (PTAC) as a "one-stop" resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data

University of Maryland sets concrete cybersecurity goals in wake of data breach (Help Net Security) The individuals affected in the recent data breach at the University of Maryland will be getting five instead of one year of free credit monitoring, the University's president Wallace D. Loh stated in an additional statement issued in the wake of the breach

Legislation, Policy, and Regulation

Why British intelligence got an eyeful while spying on Yahoo users (Quartz) British intelligence has been spying on millions of Yahoo users who are not suspected of any wrongdoing, and has collected and stored a huge number of images from Yahoo webcam chats

Outgoing NSA chief Keith Alexander signals openness to surveillance reform (The Guardian) General Keith Alexander, testifying before the Senate armed services committee for what could be the final time as head of the NSA, told senators that one option under consideration in the Obama administration's deliberations about revamping the NSA's surveillance programs was to "get only that data" relating to terrorist communications

Cost of NSA surveillance hard to define (FierceGovIT) Surveillance by the National Security Agency costs the United States in terms of direct costs to American taxpayers to pay for it, costs to lost opportunities in the American Internet industry, costs to foreign relations work and costs to Internet security, said Anne-Marie Slaughter, president and chief executive of the New America Foundation. But pegging a dollar value on it is a difficult exercise, said panelists during a Feb. 25 event hosted by the think tank in Washington

A Key NSA Overseer's Alarming Dismissal of Surveillance Critics (The Atlantic) The NSA's inspector general mischaracterized Edward Snowden's critique of the agency in remarks at Georgetown

Internet guffaws at senator's quixotic proposal to ban Bitcoin (Ars Technica) "I am concerned…Americans will be left holding the bag on a valueless currency"

Litigation, Investigation, and Law Enforcement

Dropbox seems to be trying to head off privacy lawsuits as it prepares for an IPO (Quartz) Online storage company Dropbox is widely expected to emerge soon as one of the most anticipated Silicon Valley public offerings this year. And as it does, privacy worries are coming to the forefront

Consumer Sentinel Network Data Book for January - December 2013 (Federal Trade Commission) The Consumer Sentinel Network (CSN) is a secure online database of millions of consumer complaints available only to law enforcement

Texas appeals court says police can't search your phone after you're jailed (Ars Technica) Looking at your texts is not like searching your pockets, judges say

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

RSA Conference USA (San Francisco, California, USA, February 24 - 28, 2014) Hundreds of game-changing interactions will give you an unparalleled diversity of industry insight and information based on best practices, real implementation stories, and detailed case studies. Each...

cybergamut Technical Tuesday: Virtualization Technologies in Cyberwarfare (Columbia, Maryland, USA, March 11, 2014) Virtualization is often talked about in the context of cloud computing, cost savings and enterprise environments. In this talk, Jason Syversen of Siege Technologies will introduce Intel, AMD and ARM virtualization...

Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework (New York, New York, USA, March 11, 2014) The Fordham School of Professional and Continuing Studies and the Fordham Computer and Information Science Department present this informative panel, open and free to the public.

Cybersecurity Tax Credits Webinar (Online, March 11, 2014) Learn about tax credits designed to help your cybersecurity company grow in Maryland. Details will be presented by Jeffrey Wells, Executive Director of Cyber Development and Mark Vulcan, Esq., CPA, Program...

ICS Summit 2014 (Lake Buena Vista, Florida, US, March 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset...

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified,...

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have...

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding...

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies,...
