Daily briefing.

Inquiries into the denial-of-service campaign sustained by sites catering to Hong Kong's pro-democracy dissidents increasingly (and unsurprisingly) unearth what seems a Chinese government operation. FireEye finds binaries that indicate either government sponsorship or attackers' reliance on some "common quartermaster" that also supplies the security organs.

BlackEnergy continues to evolve into more sophisticated and dangerous forms. Kaspersky finds the crimeware kit has extended its reach not only into Windows and Linux systems, but into Cisco routers as well. Infections have turned up in at least twenty countries, and BlackEnergy's capabilities now include spying (of course) and also sabotage (rendering systems unbootable). Most observers still link the Sandworm use of BlackEnergy to the Russian government.

Pay card security issues lead vendors to look for replacements for traditional magnetic-stripe cards, but new approaches are themselves showing some holes. Newcastle University researchers report flaws in Visa's contactless payment system. Criminals can bypass the PIN required for large transactions by simply changing the currency unit and applying some plausible geolocation tradecraft (hacking where a foreign currency transaction seems legitimate, like an international airport terminal).

More details emerge on the OS X "Rootpipe" vulnerability.

Syracuse University researchers warn that some HTML5 mobile apps are susceptible to code injection attacks.

Symantec sees a rise in Poweliks fileless Trojan infections.

SINET announces the SINET 16: its selection of the top emerging cyber security companies.

A McAfee-sponsored study finds many admins disable next-generation-firewall features to improve sluggish network performance.

The black market increasingly turns to Bitcoin alternative Darkcoin.


Today's issue includes events affecting Belgium, China, France, Germany, Libya, Nigeria, Philippines, Poland, Russia, Sweden, Thailand, Turkey, Ukraine, United Kingdom, United States, and Vietnam.

The CyberWire will cover the National Initiative for Cybersecurity Education Conference this week, offering special issues on November 5, 6, and 7.

Cyber Attacks, Threats, and Vulnerabilities

Philippines Dept of Trade and Industry Hacked, Login Details Leaked by Anonymous (HackRead) An online hacktivist going with the handle of Anonymous Leyte has claimed to hack in to the official website of Philippines' Department of Trade & Industry (DTI), ending up with leaking login details of 1900+ members online yesterday

Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit (The Register) Now we're not saying it was the Chinese government, but

DDoS Against Hong Kong's Pro-Democracy Movement Linked to Chinese APT Actors (Infosecurity Magazine) As the pro-democracy movement in Hong Kong has continued to mount a series of protests, attackers believed to be China-backed have launched a series of distributed denial of service attacks (DDoS) against websites promoting the movement there

Report Links China to Cyberattacks on Hong Kong Protestors (TIME) A new report supports the theory that the Chinese government is sponsoring the attacks

BlackEnergy APT Has a Rich List of Plug-ins for Windows and Linux (Softpedia) Known for being used in cyber espionage operations as well as in financially driven campaigns, BlackEnergy advanced persistent threat (APT) has an entire infrastructure behind it and an adept group, known as Sandworm, customizing its functionality for a given mission

This system will self destruct: Crimeware gets powerful new functions (Ars Technica) Refurbished BlackEnergy does Windows and Linux — even Cisco routers

Flaw in Visa's contactless payment system could lead to fraud (Help Net Security) Researchers from Newcastle University have discovered a serious flaw in Visa's contactless credit cards which could allow attackers to siphon large amounts of money off users' bank accounts without them even noticing

Flaw in New 'Secure' Credit Cards Would Let Hackers Steal $1M Per Card (Wired) As U.S. banks and retailers are barreling toward a 2015 deadline to replace magnetic-stripe credit and debit cards with more secure cards that come embedded with a microchip, researchers have announced a critical flaw in the card system

Serious security flaw in OS X Yosemite 'Rootpipe' (ZDNet) Details are emerging about a serious vulnerability found by a Swedish hacker in Apple's OS X Yosemite, called "Rootpipe." A patch isn't likely to appear until January 2015

Why you should worry about HTML5 mobile apps (IT World) New research demonstrates that, unlike native apps, those written in HTML5 are susceptible to code injection attacks

Drupalgeddon megaflaw raises questions over CMS bods' crisis mgmt (Register) Fallout spreads as securobods issue warnings

Indiana State Department of Education Website Hacked (HackRead) A group of hackers going with the handle of Nigeria Cyber Army hacked and defaced the official website of State of Indiana Department of Education, Monday morning

GATSO! Speed camera phish leads to CryptoLocker ransomware clone… (Naked Security) Recently, we came across an intriguing phishing campaign that combines two feared products of the information age

Fileless Trojan Poweliks Virus on the Rise (Computer Business Review) Backdoor enabler delivered through phoney postal service spam. A fileless trojan virus that hides inside a registry key is becoming increasingly prevalent according to the security company Symantec

From the horse's mouth: brands leaking your information open the door to effective spearphishing (SecureList) A few months ago, I requested an online quote for some home repairs. The recipient was a very well-known company here in the US. The service I got actually was very good. Under my explicit approval the company kept my email address and has been sending me several promotions that I had signed up to

Exposed Corporate Credentials on the Open Web, a Real Security Risk (Recorded Future) Last Friday, a New York Times article described how the recent online attack against JPMorgan was possibly connected to a data breach on a third-party website. The target mentioned in the article is Corporate Challenge, a company that organizes charitable races sponsored by JPMorgan

Rise of free Wi-Fi hotspots 'presents serious security risks' (We Live Security) The BBC reports that there is currently one Wi-Fi hotspot for every 150 people in the world, but these unmonitored hotspots can potentially cause problems, experts have warned

The psychology of Facebook scam victims (Help Net Security) A two-year study of over 850,000 Facebook scams by antivirus software provider Bitdefender has revealed that scammers have infected millions of users with the same repackaged tricks. The in-depth study was conducted on scams spreading across the UK, the US, Europe and beyond

Security Patches, Mitigations, and Software Updates

iOS 8.1.1 said to address iPhone 4S and iPad 2 performance problems (Ars Technica) When released, the update could fix one of iOS 8's worst regressions

Cyber Trends

2015 Predictions: The Invisible Becomes Visible (TrendLabs Security Intelligence Blog) 2014 brought with it many significant additions to the technology landscape. These put new capabilities into the hands of users and companies that allowed them to do things that they would not have thought possible before. However, these same changes also aid threat actors: threats can now come from unexpected vectors, and augment the existing capabilities that attackers already possess

Survey: Cybersecurity priorities shift to insider threats (Federal Times) A survey of federal IT managers in both the civilian and defense sectors showed a shift in cybersecurity concerns from outside actors to insider threats and a focus on the need to educate employees

Infosec heading to tipping point, says NTT Com Security (ComputerWeekly) Information security is heading to a tipping point that will force a shift in focus to understand threats and their potential impact on business, says NTT Com Security

Persistent cyberattacks of U.S. companies on the rise (Washington Times) Economic cyberwarfare is on the rise as cyberattacks on U.S. companies are increasing in both frequency and severity. And costs are mounting


Security Innovation Network (SINET) Announces Its 2014 Top 16 Emerging Cybersecurity Companies (Yahoo! Finance) The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, announced today the winners of its annual SINET 16 competition

Is cyber liability insurance right for your clients? (PropertyCasualty360) Zurich Insurance report details how companies are at risk, but not all are ready for a cyber attack

Prelert Aiming To Make Its Mark In Advanced Security Analytics (CRN) A new crop of emerging advanced security analytics vendors are promising to exceed security and information event management platforms and provide the visibility and context that incident responders need to investigate the riskiest threats to the network

Cyber-security newbie challenges for channel supremacy (CRN) Resolution1 Security expects to harvest up to 90 per cent of sales through partners after it goes live on 1 January

Belgacom sells Telindus to UK comms specialist (CRN) Telent extends reach with takeover of infrastructure services provider

Alcatel-Lucent adjusts cyber security strategy with Thales sale (Telecoms) Defence specialist Thales has confirmed the acquisition of Alcatel-Lucent's cyber security services and solutions division, as well as its communications security activities. In a strategic partnership, the two organisations claim the expertise of each will provide holistic, secure communications services

Company news: Big moves at Veracode, Malwarebytes and CipherCloud (SC Magazine) Prevendra, a Woodinville, Wash.-based security company, launched its Red Folder web application that allows users to put their important information behind a protected portal. This information can also be retrieved by a designated contact in case of emergency

Vintz Joins Executive Team to Help Tenable Scale for Next Phase of Growth (Tenable) Tenable Network Security®, Inc., the leader in continuous network monitoring, has appointed Steve Vintz as chief financial officer. An accomplished leader in financial, operational and strategic planning for high-growth companies in the technology industry, Vintz will have a critical role in leading Tenable to its next stage of growth. Vintz will have worldwide responsibility for finance, legal, human resources, corporate communications and information technology and will report to CEO Ron Gula

Products, Services, and Solutions

American Express Brings Tokenization to Payment Cards (Threatpost) American Express has taken steps toward lifting the burden from retailers having to store payment-card data with the announcement of its American Express Token Service

Researchers audit the TextSecure encrypted messaging app (Help Net Security) A group of German researchers have audited TextSecure, the popular open source encrypted messaging application for Android, and the news is good

RemoteIE gives free access to Internet Explorer VMs without the VM (Ars Technica) Service uses Azure RemoteApp to run the browser in the cloud

AVG Technologies Launches 2015 Products (PR Newswire via CNN Money) AVG Zen update includes release of new AVG Protection and AVG Performance suites

10 Cool Security Tools Open-Sourced By The Internet's Biggest Innovators (Dark Reading) Google, Facebook, Netflix, and others have all offered up tools they've developed in-house to the community at large

Technologies, Techniques, and Standards

Drag Your Adolescent Incident-Response Program Into Adulthood (Dark Reading) It's not about how many tools you have, but what you can do with them

The View From A High-Value Data Breach Target (Dark Reading) Financial services, retail, media, and healthcare industry representatives share their biggest threats and strategies for combating them

Firewall admins turning off security to boost performance — bad move (Techworld via CSO) A third of organizations are turning off some of their next-generation firewall's (NGFW) security features to boost performance with the most commonly deactivated layer being intrusion prevention, a McAfee survey has discovered

Acting out: Cyber simulation exercises (SC Magazine) Simulation exercises show how companies should respond under a cyberattack, says HHS's Sara Hall

Preparing For A Data Breach: Think 'Stop, Drop & Roll' (Dark Reading) Breaches are going to happen, which is why we need to treat incident response readiness like fire drills, practicing time and time again until the response is practically instinctive

Spotting Malicious Injections in Otherwise Benign Code (Sucuri Blog) Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we scan through megabytes of HTML, JS and PHP. It's quite easy to miss something bad, especially when it doesn't visually stick out and follows patterns of a legitimate code

When to use tools for ISO 27001/ISO 22301 and when to avoid them (Help Net Security) If you're starting to implement complex standards like ISO 27001 or ISO 22301, you're probably looking for a way to make your job easier. Who wouldn't? After all, reinventing the wheel doesn't sound like a very interesting job

Using Relative Metrics to Measure Security Program Success (SecurityWeek) In my previous column, I discussed the "So What Factor", which reminds us that we must know our audience. Many of the people we interact with professionally will not be as enamored by the beauty or elegance of a technical solution as we are. Instead, they will be more concerned with consequences, effects, and results. As such, it's important to remember to communicate appropriately towards those ends

Three branches of security: Strengthening your posture with checks and balances (Help Net Security) With Election Day around the corner, we thought it an appropriate time to take a look at the checks and balances model that has served the United States well for over two centuries, and think about how it might apply to a more modern challenge — securing your enterprise

Making the Case for Application Security (Security Intelligence) Many of the most important assets organizations own are in the form of information. These include intellectual property, strategic plans and customer data. As we have seen in recent news reports, the cost of a data breach can be significant. Interestingly, one of the main areas of weakness in organizations' IT infrastructures occurs where people don't expect it — in the application layer

Forging administrator cookies and crocking crypto … for dummies (Register) Gun security chap releases infosec 101 courseware and book

Design and Innovation

A New Kind of Incubator Where Painters Rub Elbows With Physicists (Wired) Once or so a week — maybe more, maybe less, depending on her schedule — Janna Levin ventures from the Upper West Side of Manhattan, where she teaches astrophysics at Barnard and Columbia University, to Brooklyn's Red Hook neighborhood

From "cash only" to NFC-ready, how we buy determines what we buy (Ars Technica) Showrooming, car-sharing, and chicken sandwiches — all within a smartphone's reach today

Research and Development

Cars, toasters, medical devices add to DHS' cyber headaches (Federal News Radio) Cars, medical devices and even toasters are among the facets of life that are quickly becoming Internet based. This is why the Homeland Security Department already is working on cybersecurity technologies for these and many other everyday devices

A New Kind of Atom Trap Chip for Quantum Computers (IEEE Spectrum) Ultracold atoms have long been on the list of potential parts for quantum computers. Early experiments were done with tabletop experimental gear, but more recently researchers have also designed chips on which these atoms can be trapped and cooled to near absolute zero. (Some such chips even achieved the strange physical state known as a Bose-Einstein condensate.) However, even the chip-based traps had to be surrounded by a complicated set of coils to create the required magnetic field for trapping them


Global cybersecurity skills shortage incoming, warns House of Lords committee (We Live Security) A special Parliamentary Select Committee has told peers in the United Kingdom's House of Lords that there will be a global shortage of "no less than two million cyber security professionals" by the year 2017, IT Pro Portal reports

Greg Shannon to Lead IEEE Cybersecurity Initiative (GovConExecutive) Greg Shannon, CERT Division chief scientist at Carnegie Mellon University's Software Engineering Institute, will lead the IEEE Cybersecurity Initiative as chairman

SAIC Donates $750,000 to Virginia Tech's Hume Center for National Security and Technology (MarketWatch) Over the next five years, company will support the Hume Center's Education Program and Intelligence Community Center for Academic Excellence

Legislation, Policy, and Regulation

British spy agency demands more help from tech titans (C/Net) Following US government counterparts, the new head of Britain's Government Communications Headquarters criticizes tech firms for permitting terrorists to use their services

HMRC promises post-Aspire world will not compromise cyber vigilance (Government Computing) Department's CIO responds to PAC query on security and says digital strategy relies on effective cyber monitoring

NSA director: US needs Silicon Valley's expertise (AP via the San Diego Union-Tribune) U.S. intelligence depends on Silicon Valley innovation for technologies that strengthen the Internet and staff to provide national cybersecurity, National Security Agency director Mike Rogers told Stanford University professors and students Monday

Task Force Cyber Awakening Recommendations Due (SIGNAL) The Navy task force is set to deliver its first report in November

As cyber force grows, manpower details emerge (Defense News) The military will need to expand its force of cyber warriors beyond plans for 6,200 personnel, and the individual services are hammering out the manpower-related details of precisely how to build that force from the ground up, according to a new Pentagon report

Litigation, Investigation, and Law Enforcement

Security contractor breach not detected for months (AP via KLTV 7) A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government's leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told The Associated Press

Online Drug Dealers Are Now Accepting Darkcoin, Bitcoin's Stealthier Cousin (Wired) When the cryptocurrency darkcoin launched earlier this year, it distinguished itself from dozens of bitcoin copycats by promising to keep users' transactions far more anonymous than its predecessor. Now that promise is being tested in the Internet's fastest-growing proving ground for privacy technologies: the online black market for drugs

A top appeals court to hear why NSA metadata spying should stay or go (Ars Technica) DC Circuit Court of Appeals may confirm ruling that ended practice, was stayed

In Klayman v. Obama, EFF Explains Why Metadata Matters and the Third-Party Doctrine Doesn't (EFF) How can the US government possibly claim that its collection of the phone records of millions of innocent Americans is legal? It relies mainly on two arguments: first, that no one can have a reasonable expectation of privacy in their metadata and second, that the outcome is controlled by the so-called "third party doctrine," which says that no one has an expectation of privacy in information they convey to a third party (such as telephone numbers dialed). We expect the government to press both of these arguments on November 4, before the D.C. Circuit Court of Appeals. We look forward to responding

Sources: Navy intel chief's security clearance suspended, can't view classified info (Navy Times) The head of naval intelligence has not been able to view classified information for an entire year

NSA Chief Bet Money on AT&T as It Spied on You (Daily Beast) The former head of the world's biggest spy agency didn't just oversee the collection of billions of AT&T records. He also tried to make money off its customers

Not-so Anonymous: How hackers wreaked havoc in St. Louis (St. Louis Post-Dispatch) The first call came on a Thursday, 12 days after Michael Brown was shot. Patti Knowles and her granddaughter were watching "Mickey Mouse Clubhouse"

RBS to help police with cyber and other expertise to fight financial crime (ComputerWeekly) The Royal Bank of Scotland is to provide the City of London Police with free training and advice to help fight financial crime

Pirate Bay co-founder 'TiAMO' arrested in Thailand (BBC) A co-founder of Swedish file-sharing website Pirate Bay has been arrested while trying to cross into Thailand from Laos, local police say

Cyber-attack weblink 'malicious' (BBC) A Twitter user signposted cyber-attacks which crippled the Home Office website by flooding it with huge amounts of internet traffic, a jury heard

'US intelligence needs prosecutions to get more budget dollars' (Russia Today) There is competition among 17 US intelligence agencies — they catch people whether it is within the law or not to get part of the multi-billion 'black budget,' George Mapp, an investigative journalist, said on RT's In the Now show

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

NICE 2014 Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices,...

National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and significance

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

THREADS Conference 2014 (Brooklyn, New York, USA, November 13, 2014) A 2-day conference exploring state-of-the-art advances in security automation. We will present new research and innovations on integrating security into modern software development and operations, focusing...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...
