Daily briefing.

Researchers continue to unpack a possible second eBay security bug as eBay users brace for identity theft.

The novel "hacked-by-Oleg-Pliss" ransomware has affected many Apple users in Australia and New Zealand, and there's no reason to believe the campaign will be confined to those countries. Unlike more familiar forms of ransomware, "Oleg Pliss" doesn't encrypt victims' files, but instead activates the "Lost iDevice" feature on their iPhones or iPads. Security researchers offer advice on prevention and recovery (sound password practices are especially recommended) but much about the campaign remains baffling. Why should it seem confined largely to Australia and New Zealand? Equally curious is whether it used stolen credentials or exploited an iOS flaw.

Fidelis Security reported in February on the "STTEAM" cyber campaign afflicting Middle Eastern oil and gas companies; Recorded Future has an update.

Bitdefender says the instant messaging Trojan Gen:Variant.Downloader.167 is politely spreading itself through Europe and North America, asking nicely, "I want to post these pictures on Facebook, do you think it's OK?" (Tip: it's not "OK.")

Several Android exploits are currently active in the wild; other Android vulnerabilities are discovered in labs. Chinese Android users are hit by a banking Trojan that poses as a WeChat app. Researchers find some email and messaging programs (including Outlook) storing messages unencrypted on Android devices' SD cards. Other researchers demonstrate that Android phones can be hacked to take pictures without owners' knowledge.

Snowden tells reporters he was "a trained spy," not just some lowly sysadmin.

Sabu walks with time served.

Notes.

Today's issue includes events affecting Australia, Bahrain, Canada, China, Denmark, Estonia, France, Germany, India, Iran, Israel, NATO, New Zealand, Pakistan, Palestinian Territories, Philippines, Romania, Switzerland, Thailand, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Has a second eBay zero day security flaw been discovered? (TechRadar) After last week's massive security alert, eBay may well have been hit by a second flaw, one which was discovered by a 19-year-old British student

Identity Theft Could Soon Be A Reality For eBay Users (WebProNews) Identity theft is a constant concern for those who entrust their personal information to Internet companies. Now millions of users are at risk following a massive cyber-attack that recently hit eBay

Have you been hacked by Oleg Pliss? FAQ for iPhone and iPad users (Intego) iPhone, iPad and Mac users in Australia and New Zealand (and possibly elsewhere in the world) have been seeing a very strange message appear, demanding that they pay a ransom to regain access to their devices

CryptoDefense: The Ransomware Games have begun (Bromium Labs) If you see a text and / or HTML document on your Desktop called HOW_TO_DECRYPT with the following contents

Australian iPhone Hack Reminds Us Why We Need to Ditch Passwords (Wired) Australian Apple users have received a harsh reminder that computer passwords provide only a thin layer of protection on the internet

Shedding Light on STTEAM (Recorded Future) Researchers from Fidelis Security in February reported a newly identified cyber campaign dubbed STTEAM (PDF) found to be targeting oil and gas companies in the Middle East

Instant messaging Trojan spreads through the UK (Help Net Security) Hundreds of computer systems have been infected with the latest instant messaging Trojan. Bitdefender has spotted an increasing wave of infections in the past week in countries such as the UK, Germany, France, Denmark, Romania, the US and Canada

Chinese Users Targeted With Banking Trojan Disguised as WeChat App (SecurityWeek) A new banking Trojan disguised as the popular messaging app WeChat is being used by cybercriminals to harvest the financial data of Android users in China

Outlook for Android fails to keep emails confidential (Help Net Security) Did you know that Outlook and many other email and mobile messaging Android apps store your emails and messages on the device's SD card, unencrypted, and accessible to any third-party app that is permitted to access the card's contents?

Apps on your Android phone can take photos without you knowing (Help Net Security) A researcher has demonstrated that it's possible for malicious attackers to create an Android app that will surreptitiously take pictures and upload them to a remote server without the user being aware of or noticing it

Spotify Android Application at Issue in Breach (Threatpost) Users of Spotify on Android will soon be asked to update the application after a breach was reported this morning by the streaming music service's chief technology officer

Did an undisclosed SMF 2.0.6 flaw enable the AVAST forum breach? (SC Magazine) The AVAST forums were hacked on Sunday and about 400,000 users had information compromised. It might have been an undisclosed vulnerability in Simple Machines Forums (SMF) 2.0.6, the years-long community platform of choice for computer security company AVAST Software, that enabled attackers to compromise information on nearly 400,000 AVAST message board users

Internet Explorer 8 under threat in India: Cyber agency (Zee News) Cyber security sleuths have alerted Indian users against a "high" level virus activity in a select version of popular Microsoft-owned web browser — the Internet Explorer

Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages (Portcullis Security) The default setup allows an unauthenticated user to access administrative functions such as backing up of key files within the CMS. This is done by appending the following to a domain using the software affected

Compromised non-payment card data on the rise: Trustwave (Credit Union National Association) Payment card data continues to lead the way in the type of online information most often compromised by data breaches, but data thefts involving non-payment card data are gaining ground, according to analysis from online security technology company Trustwave

Why More Retailer Breaches on the Way (BankInfoSecurity) Malware infections of POS networks are multiplying

Fat-fingered admin downs entire Joyent data center (The Register) Cloud operator now home to most mortified sysadmin in the USA

AutoNation Acknowledges Third Party Data Breach (eSecurity Planet) Customers' names, addresses, e-mail addresses and credit card numbers may have been accessed

Security Patches, Mitigations, and Software Updates

Here's How to Keep Getting Free Security Updates for Windows XP Until 2019 — And Why You Shouldn't (Lumension Blog) Have you heard the news? A way has been found to trick computers into receiving security updates for Windows XP — even though Microsoft stopped officially supporting the operating system back in April

Cyber Trends

FireEye CEO IDs the next big cyber threat (CNBC) As the threat of cyber-security attacks continues to loom over U.S. businesses and the federal government, the CEO of FireEye said Tuesday that the rate of attacks has been rising

Why Companies Should Seek Help in Malware Detection (CIO) Companies have shortened the amount of time between malware infection and discovery, but too few organizations detect the breach on their own, a security report found

Co-op Identifies Ways to Improve Cyber Security (Electric Co-op Today) When it comes to the federal government's commitment to cyber security for the power grid, electric cooperatives see room for improvement

Estonia exercise shows NATO's growing worry about cyber attacks (Reuters via the Chicago Tribune) It started with hacktivists defacing websites and e-mails pointing users to links that stole data

Resiliency and Recovery Offset Cybersecurity Detection Limits (SIGNAL) Not only is the cost of cyber intrusion severe, the likelihood of it occurring is assured. Cybersecurity defenses must be flexible, innovative and persistent to address an ever-changing threat

Study Shows Businesses Not Prepared for Attacks (Huffington Post) Amazing: With the proliferation of cyber attacks globally, most businesses are ill-prepared to deal with this, says research from the Economist Intelligence Unit and Arbor Networks

Healthcare IT Security Worse Than Retail, Study Says (InformationWeek) Bad news for healthcare community: New study shows retailers like Target and eBay are more secure than many healthcare organizations

The cloud will transform the airport experience (Help Net Security) Airports are increasingly identifying the need to switch to cloud systems in order to improve operational efficiencies, according to Amadeus, who collected the viewpoints of over 20 senior IT leaders from the airport industry to investigate the business case for adopting cloud based Common Use systems at airports

Marketplace

Investors undeterred by data breaches (SFGate) Last week, eBay revealed that it had been hit by a cyberattack and data security breach, and users' information

China's Payback for US Hacker Indictments Begins (TechNewsWorld) The fallout from U.S. indictments against Chinese hackers is just beginning. "You'll probably see economic repercussions of one sort or another," said GWU's Frank Cilluffo. "Whether this was just the first shoe and there are others to drop, I'm not sure, but it will make what is already a complex and vexing market even more so for U.S. and other companies doing business in China"

Black Hat: We haven't been asked to block Chinese hackers (ZDNet) News broke Saturday alleging the US government would take steps to block Chinese attendees from America's biggest hacking conferences. Black Hat says, "not us"

Huawei ready to take on Cisco in enterprise networking (Want China Times) The rivalry between Chinese telecommunications giant Huawei and US-based Cisco Systems, a world leader in supplying networking equipment, is heating up as Huawei continues to come up with new technologies and products in the enterprise networking field, reports Shanghai's China Business News

F5 Networks Buys Defense.Net (Zacks) In a bid to strengthen its security service, F5 Networks Inc. (FFIV) has recently acquired Defense.Net, Inc., a privately-held cloud-based security solutions provider. The acquisition is expected to boost F5 Networks' cyber security offerings. Financial details of the deal were not disclosed

Nokia fires up new security team for mobile broadband (ZDNet) Nokia is beefing up its mobile broadband business with a new security unit

AirPatrol Corp Lands Top Honors in 2014 Tech Awards (Wall Street Journal) Mobile device locationing and cyber security firm bests dozens of others to be named "Superstar Company of the Year" at the 2014 Tech Awards

Why Splunk, Inc. Shares Could Fly 40% (Motley Fool) Shares of Splunk, Inc. (NASDAQ: SPLK) surged 7% today after Northland Capital Markets upgraded the data management software technologist from market perform to outperform

Check Point Appoints Marie Hattar as Chief Marketing Officer (MarketWatch) New CMO brings extensive IT and networking marketing leadership to Check Point

Former IRS Chief Risk Officer David Fisher Joins SRA as VP, Biz Transformation Officer (GovConWire) David Fisher, former chief risk officer and senior adviser to the commissioner at the Internal Revenue Service, has joined SRA International as vice president and business transformation officer

Products, Services, and Solutions

BlackBerry Demos Super-Secure BBM Protected (PCMagazine) BBM Protected provides separate encryption keys for each message sent rather than one key for an entire conversation

Web application penetration testing with ImmuniWeb (Help Net Security) Switzerland-based ethical hacking and penetration testing experts High-Tech Bridge recently released an interesting security product that uses a hybrid approach towards web application security testing

Digital Shadows inks reseller agreement with Nettitude (BusByway) Digital Shadows, a cyber intelligence company that protects organisations from data loss and targeted cyber attack, has today announced that Nettitude, a global leader in the delivery of cyber security testing, risk management, compliance and incident response services, has signed an agreement to become a reseller of Digital Shadows' core managed services, Data SearchLight™ and Threat SearchLight™

Panda fuses with the Cloud (Gadget) Panda Security has announced its new cloud offering, Panda Cloud Fusion, offering organisations of most sizes security, management and support in one solution

Technologies, Techniques, and Standards

Stop attackers hacking with Metasploit (TechTarget) Automated security tools have been one of the most significant advancements in information security. Automation has become a necessity given the increasing complexity of networks and software — and the threats targeting them

How IT security experts handle healthcare network access (Health IT Security) Healthcare network security has become more complicated over the years because of the explosion of mobile device connectivity. And because it's so difficult for healthcare organizations to have a firm grasp on where their perimeters begin and end, they must look for new ways to ensure networks are secure both internally and externally

Should enterprises expect heightened risk on important dates? (TechTarget) Attackers seem to target enterprises more on important dates and holidays. How can enterprises adjust their defenses to account for expected heightened risks on certain dates?

Secure file sharing uncovered (Help Net Security) Ahmet Tuncay is the CEO of Soonr, a provider of secure file sharing and collaboration services. In this interview he talks about making security a priority, discusses what drives employees to routinely use personal online file sharing solutions for confidential data, outlines the critical features of a secure file sharing solution, and more

Assessing SOAP APIs with Burp (Internet Storm Center) Something I've noticed recently is that most of the websites I've been asked to assess now seem to be "new, improved, and with an API". Often the API is based on SOAP, and it's been an interesting discussion on how best to scan these new Web Services based on WSDL for vulnerabilities

SSL After The Heartbleed (Dark Reading) Encryption gets a big wake-up call — and a little more scrutiny

Research and Development

Error Correction Moves Quantum Computing Closer to Reality (IEEE Spectrum) A new superconducting system operates with 99 percent accuracy

IBM patents fraudster detection technology for websites and apps (CSO) IBM has invented a technique for identifying fraudsters who have stolen credentials

Virus Bulletin announces Péter Ször Award (Virus Bulletin) 'Brilliant mind and a true gentleman' commemorated through annual award for technical security research

Academia

Students take part in UAE cyber security contest (The National) Dozens of students are taking part in a competition that aims to raise awareness of cyber security

Cyber-security energy firm to donate technology to Israel's first 'smart campus' (Jerusalem Post) Nation-E donates its energy infrastructure to the ORT Hermelin Academic College of Engineering and Technology in Netanya

Cyber Cadets: West Point Graduates Hackers (Bloomberg BusinessWeek) For the first time, this year's graduates of the U.S. Military Academy at West Point are able to join America's Cyber Command straight out of college. For years the Department of Defense has ostracised hackers but now they are encouraging and recruiting them

Legislation, Policy, and Regulation

Cyber espionage and US-China relations: The world's biggest candy store (The Interpreter) Don't believe anything you read on the cyber espionage spat between US and China. Depending on who's talking, the US is a 'thief crying stop thief' and a 'mincing rascal'; or China's 'scale of commercial hacking is immense', perhaps the 'greatest transfer of wealth in history'

The Thai junta briefly blocked Facebook in a dry run for a social media blackout (Quartz) The Thai junta briefly blocked Facebook in a dry run for a social media blackout

Instagram Banned in Iran Due to Privacy Concerns (HackRead) Earlier it was reported that Iran may have banned WhatsApp due to its 'American Zionist' ownership under Mark Zuckerberg

Electronic spy agency gathers personal information in cyberdefence role (Canadian Press via the Vancouver Sun) Canada's electronic spy agency says it gathers and sometimes keeps personal information — including names and email addresses of Canadians — as part of efforts to protect vital networks from cyberattacks

Probe alleged US spying in PH: lawmaker (ABS-CBN News) A lawmaker wants the House of Representatives to probe into the alleged US spying operations in the Philippines through the National Security Agency's MYSTIC program

NSA reform lite (Eugene Register-Guard) Senate should pass tougher surveillance bill

Google's Brin Says NSA Surveillance Revelations Were a "Huge Disappointment" (Re/code) Onstage at Code Conference, Google co-founder Sergey Brin said that recent revelations of National Security Agency surveillance were "a huge disappointment, certainly to me and obviously to the world as a whole"

Senate defense bill mulls bonuses for cyber pros (Nextgov) Current and aspiring Defense Department personnel with cyber skills could see a boost in pay under a Senate 2015 defense policy bill that lawmakers detailed on Friday

Litigation, Investigation, and Law Enforcement

Kerry Tells Snowden to 'Man Up' and Come Home (AP via ABC News) Secretary of State John Kerry on Wednesday called National Security Agency leaker Edward Snowden a fugitive and challenged him to "man up and come back to the United States"

Snowden: I was a trained spy, not just a hacker (USA TODAY) Edward Snowden says he's more than just a hacker or systems administrator, as the Obama administration and media have portrayed him

Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked (Mashable) In early January, Micah Lee worried journalist Glenn Greenwald's computer would get hacked, perhaps by the NSA, perhaps by foreign spies

Kinsley, Greenwald and Government Secrets (New York Times) Michael Kinsley's review of Glenn Greenwald's new book, "No Place to Hide" hasn't even appeared in the printed Book Review yet — that won't happen until June 8 — but it's already infuriated a lot of people. After the review was published online last week, many commenters and readers (and Mr. Greenwald himself) attacked the review, which was not only negative about the book but also expressed a belief that many journalists find appalling: that news organizations should simply defer to the government when it comes to deciding what the public has a right to know about its secret activities

What does GCHQ know about our devices that we don't? (Privacy International) While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them

Do Personal Computers Come With NSA Surveillance Devices Built-In As Standard? (TechDirt) As Techdirt reported last year, one of the most bizarre episodes in the unfolding story of the Snowden leaks was when two experts from the UK's GCHQ oversaw the destruction of the Guardian's computers that held material provided by Snowden. As everyone -- including the Guardian's editor Alan Rusbridger — pointed out, this was a particularly pointless act since copies of the documents were held elsewhere, outside the UK. The only possible explanation seemed to be that the UK government was trying to put the frighteners on the Guardian, and engaged in this piece of theater to ram the point home. But a fascinating blog post from Privacy International raises the possibility that there is another far more disturbing explanation

Iranian court beckons Facebook's Mark Zuckerberg to answer accusations of privacy violation (Naked Security) Iran banned Facebook's WhatsApp earlier this month. The reason? WhatsApp has been bought by Facebook, which of course is owned by CEO Mark Zuckerberg — an "American Zionist", Abdolsamad Khorramabadi, head of the country's Committee on Internet Crimes, reportedly explained

Scenes from the Sabu sentencing: "I'm not the same person you saw three years ago." (Ars Technica) All further indictments dropped and no more prison if the hacker stays out of trouble

Andy Coulson prosecution not fair or rigorous, phone-hacking trial told (The Guardian) Former News of the World editor's barrister says his client has faced a 'juggernaut' police investigation and prosecution

Houseguest downloads child porn, cops show up (Ars Technica) Giving out your Wi-Fi password always carries at least some risk

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Maryland Cybersecurity Roundtable (Hanover, Maryland, USA, May 29, 2014) U.S. Senator Barbara A. Mikulski and Governor Martin O'Malley will launch the Maryland Cybersecurity Roundtable on Thursday, May 29, at 1:30 p.m., at The Hotel at Arundel Preserve, Hanover, Md. They'll...

Cyber Security Summit (Huntsville, Alabama, USA, June 4 - 5, 2014) The North Alabama Chapter of the Information Systems Security Association and Cyber Huntsville Corporation are hosting the 6th annual Cyber Security Summit June 4-5 in the South Hall of the Von Braun Center.

CANSEC (location and date not listed) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (location and date not listed) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not...

Area41 (location and date not listed) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

NSA SIGINT Development Conference 2014 (location and date not listed) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...

AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their...

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn...

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...

MIT Technology Review Digital Summit (location and date not listed) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies...

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

Global Summit on Computer and Information Technology (location and date not listed) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer...

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates.

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs...

18th Annual Colloquium for Information Systems Security Education (location and date not listed) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's...

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on...

Suits and Spooks New York (location and date not listed) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams...

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights...

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information...
