Daily briefing.

Iran's leaders, while not necessarily in sympathy with ISIS, have taken a page from its playbook: they appear to have begun using Twitter in information campaigns surrounding nuclear talks.

The long-running and sophisticated Regin cyber espionage campaign remains in the news, with word of more widespread infection (Russian and Saudi networks are by far, however, the leading targets). The Intercept is attributing the campaign to a joint Anglo-American operation. Trend Micro points out that Regin, while in many respects novel, has its precedents. Policy wonks see Regin as part of the increasingly normalized conduct of espionage in cyberspace.

FireEye thinks the group behind Clandestine Fox (probably Chinese actors) is responsible for "Double Tap" — an exploitation of a recently disclosed Windows OLE flaw.

Trend Micro sees increasingly stealthy versions of Flash malware in exploit kits.

Craigslist was taken down over the weekend, as was Sony. Craigslist is back up; Sony remains in the process of recovery.

Patches are out for vulnerabilities in both Docker and WordPress.

Retailers brace for the holiday shopping season, with this Friday likely to see an upsurge in cyber crime.

Finding French regulations too onerous for good business, zero-day specialists Vupen announce plans to reorganize in Luxembourg and Singapore.

ENISA has issued new cryptographic guidelines.

Sino-US cyber talks fizzle. HM Government renews attempts to increase police ability to access Internet data in the UK. In the US, NSA's privacy officer defends her agency's practices, and Director Rogers tells Congress that you can't just play defense in cyberspace.


Today's issue includes events affecting Afghanistan, Austria, Belgium, Brazil, Canada, China, Fiji, Germany, India, Indonesia, Iran, Ireland, Kiribati, Malaysia, Mexico, Pakistan, Romania, Russia, Saudi Arabia, United Kingdom, United States.

We'll be observing the Thanksgiving holiday this week, and won't publish on Thursday or Friday. The CyberWire will reappear as usual on Monday, December 1.

Cyber Attacks, Threats, and Vulnerabilities

Twitter account associated with Iran leader hits out at 'arrogant' powers (Reuters) A Twitter account Iran experts believe is run by the office of Supreme Leader Ayatollah Ali Khamenei said on Tuesday "arrogant" powers had tried hard to bring the Islamic Republic to its knees but had failed

Secret Malware in European Union Attack Linked to U.S. and British Intelligence (Intercept) Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept

Regin: Nation-state ownage of GSM networks (SecureList) "Beware of Regin, the master! His heart is poisoned. He would be thy bane"

Regin: Sophisticated Malware, But Not Without Precedent (TrendLabs Security Intelligence Blog) Recent reports have implicated a sophisticated piece of malware known as Regin in targeted attacks in various countries. Regin was described as being highly sophisticated and designed to carry out long-term stealthy surveillance on would-be victims at the behest of its creators, who have been suggested to be nation-states. Telecommunication companies are believed to have been the primary targets of this attack

Belgin [sic] backdoor: Sophisticated, stealthy, state-sponsored? (Help Net Security) Symantec researchers are warning about a new, complex cyber espionage tool that has been around for years and that has likely been created and is wielded by a nation state

Highly advanced backdoor trojan cased high-profile targets for years (Ars Technica) "Backdoor Regin" bears a resemblance to Stuxnet, was developed by a wealthy nation

APT operation 'Double Tap' exploits serious Windows OLE bug (SC Magazine) APT3, a group believed to be behind "Operation Clandestine Fox," is now using exploits targeting recently disclosed vulnerabilities in Windows, researchers at FireEye found

Obfuscated Flash Files Make Their Mark in Exploit Kits (TrendLabs Security Intelligence Blog) In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more digging and found out that the number of Flash files isn't the only thing that has changed: these files use more obfuscation techniques than files from two to three years ago

Resurgent Android Worm Develops Conficker-Like Sophistication (Infosecurity Magazine) NotCompatible, an Android malware threat that's been around for a couple of years, has re-emerged with a fresh variant that sets a new bar for mobile malware sophistication and operational complexity. The command infrastructure and communication now self-protects through redundancy and encryption

Sony Pictures Shuts Down Systems After Cyberattack (TIME) A message from the hackers bears a picture of a skeleton and threatens to release the company's "top secrets"

Sony Pictures hacked, entire computer system unusable (Office of Inadequate Security) When reports emerged that Sony had been hacked, I didn't post anything here, waiting for confirmation. Instead of confirmation, Sony denied all claims of hacks

Craigslist back up and running after DNS hijack (Naked Security) If you had trouble getting onto Craigslist to sell your apple green velvet armchair over the weekend, join the club: the site was hijacked on Sunday night

Craigslist DNS hijacked, redirected at infamous “prank” site for hours [Updated] (Ars Technica) Craigslist CEO: domain registrar was compromised, sending traffic to "various sites"

MalwareBytes forum hacked, users asked to reset passwords (MalwareBytes) MalwareBytes, the world-renowned anti-malware and malware prevention company, has recently found out that its forum was hacked on Monday, November 10th

Fake banking Apps with Malware in Google Play Store target Android users (HackRead) The security researchers from Kaspersky Lab discovered two fake malicious banking apps on Google Play store targeting Brazilian Android users

Timing Attack and the importance of controlling the length of the input — The Case of Drupal CVE-2014-9016 (#/dev/console) First of all, let me introduce you to my partner Javier Nieto from Behindthefirewalls. We have written this post together and we hope you enjoy it

Microsoft Refutes Rumors of Being Hacked (Gameranx) Microsoft has investigated claims made by online group DerpTrolling

Scammers used fake product listings to steal from Walmart (Help Net Security) On November 13, US retailer Walmart announced that they will officially start matching the price for items which are also sold for a lower price by online retailers. Less than a week later, the price matching policy has been amended to exclude marketplace vendors, third-party sellers, auction sites or sites requiring memberships

What Healthcare Can Learn From CHS Data Breach (InformationWeek) Security breach that exposed personal data on 4.5 million Tennessee healthcare system patients offers key lessons to prevent similar cyber attacks

Security Patches, Mitigations, and Software Updates

WordPress releases critical security fixes: News tech leaders need to know (Financial Post) Companies whose blogs rely on WordPress should upgrade immediately if they're running version 3.9.2 or earlier. A critical cross-site scripting vulnerability could allow anonymous users to compromise the site

Docker 1.3.2 — Security Advisory (Openwall) Today, we are releasing Docker 1.3.2 in order to address two critical security issues. This release also includes several bugfixes, including changes to the insecure-registry option

Cyber Trends

Nearly half of all web application cyber attacks target retailers, study shows (ComputerWeekly) Nearly half of all web application cyber attack campaigns target retail applications, a study has shown

Black Friday and Cyber Monday will put retailers under pressure (Help Net Security) Retailers are currently preparing themselves for two very busy shopping days. Black Friday (28th November 2014) and Cyber Monday (1st December 2014) will see shoppers spend millions online

US Cybersecurity Practices Fail To Keep Pace With Cyber Adversaries (HS Today) As cyber criminals and nation-state actors continue to adjust their tactics to maintain advantages, businesses and government agencies are struggling to counter the increasing sophistication of cyberattacks with the ability to seriously impact growth


Vulnerability sales: Vupen wants to leave France and blames administrative red tape (ZDNet) Security: According to L'Express, the company wants to set up its headquarters in Luxembourg and Singapore. Specializing in the sale of 0-day vulnerabilities, Vupen complains about the administrative burdens and uncertainties weighing on its line of business

CYREN: Still Waiting For New Product Uptake (Seeking Alpha) CYREN (NASDAQ:CYRN) once again disappoints as investors look for signs of life in the rollout of the new cloud-based WebSecurity product. At this point, the catalyst to move the stock up is not so much current earnings but evidence that the new product can sell

RedSeal Expands Core Management With Industry Veterans Leslie Canning and Roberta Gray (Sys-Con) RedSeal, the end-to-end provider of network visibility and intelligence to evaluate and strengthen network defenses, today announced that building on current market momentum, it is expanding the senior management team with two key appointees. Leslie Canning has been named Executive Vice President for Worldwide Sales, and Roberta Gray has been appointed Vice President of Marketing

Products, Services, and Solutions

Nationwide, Hartford Steam Boiler Offer Cyber Cover for Small Business Owners (Insurance Journal) As more than half of all U.S. small businesses have experienced a data breach, Nationwide has joined forces with Hartford Steam Boiler (HSB) to offer cyber insurance coverage for small business owners. The services and coverages help small businesses respond to a data breach, computer attack or identity theft and get their business, personal identity, and overall reputation back on track

Rambus Cryptography Research Division Licenses Security Technologies to Cisco (BusinessWire) Rambus Inc. (NASDAQ:RMBS) today announced that its Cryptography Research division has licensed select security-related technologies to Cisco Systems. The agreement enables Cisco to integrate relevant security technologies into Cisco products to provide protection against unauthorized access and mitigate security threats. Specific terms of the agreement are confidential

NTT Data implements Cryptomathic key management system (Finextra) Cryptomathic announces that leading IT services provider, NTT DATA, has implemented Cryptomathic's Key Management System (CKMS) across its payment processing platform in Italy, to centralise the management of cryptographic keys

CloudFlare Will Offer A Local Version Of Its Web Security Service In China In 2015 (TechCrunch) CloudFlare is tackling a long-standing goal and bringing its internet security and performance service to Mainland China next year. The U.S. company will open 12 data centers on Chinese soil over the next six months in a move that gives overseas websites and services improved performance on the ground, not to mention will increase its business in China

Google Brings Open Source Security Gifts (eSecurity Planet) Google isn't just about search anymore. In recent weeks it has announced multiple security projects including Santa for Mac

New Generation of WatchGuard Firewalls Enable Mid-Size Enterprises to Keep Pace with Explosive Growth in Encrypted Traffic (CSO) Dramatic increase in security horsepower vaults WatchGuard's new Firebox® M400 and M500 firewalls past competition by up to 149 percent in encrypted traffic inspection and up to 61 percent in overall performance

WatchGuard Technologies Partners with Fujitsu Fsas to Deliver Managed Network Security Solutions in Japan (India PR Wire) WatchGuard Next Generation Firewalls and Unified Threat Management appliances selected for breadth of security services, system management and real-time visibility tools

You've Got Malware: Infoblox Introduces Free Product Evaluation to Find the DNS Footprints of Cybercrime Inside Enterprise Networks (MarketWatch) Infoblox Inc., the network control company, today introduced a free DNS-based evaluation product to help find malware carefully hidden by cybercriminals inside enterprise networks

Secure Dell Windows 8.1 Tablet Offers Mobile Computing up to Top Secret level (MarketWatch) Integrated Eclypt® hard drive accredited for Top Secret (UK and Canada), NATO Secret, and FIPS 140-2 data encryption

Technologies, Techniques, and Standards

Fighting malware, emerging threats and AI (Help Net Security) Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud

Thwarting attackers with threat intelligence (Network World) News reports show cyber attacks continue to outpace IT's ability to protect critical data, but teams that have built systems to deliver accurate threat intelligence can often end an attack before damage is done. Threat intelligence comes from commercially available information, ongoing analysis of user behavior and native intelligence from within the organization

ENISA guidelines on cryptographic solutions (Help Net Security) ENISA launched two reports. "Algorithms, key size and parameters" is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection. The "Study on cryptographic protocols" provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data

Algorithms, key size and parameters report — 2014 (ENISA) During 2013, ENISA prepared and published its first reports with cryptographic guidelines supporting the security measures required to protect personal data in online systems. Recently published EC Regulations on the measures applicable to the notification of personal data breaches [118] make reference to ENISA, as a consultative body, in the process of establishing a list of appropriate cryptographic protective measures

Study on cryptographic protocols (ENISA) Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. In the ENISA algorithms report of 2013 [113], several protocols were discussed. In this document (which is the sister document of the 2014 report [115]) we extend the work in the 2013 report to cover more categories of protocols

Commentary: Cyber threats demand executive not just IT skills (FedScoop) It seems that every week we read about another cyber incident or data breach on the front pages of online or print news publications. While breaches of banks and retailers are now routinely part of that news, so are more worrisome threats

Cloud-Based Security: The Next Generation of Defense for the Good Guys (CrowdStrike Adversary Manifesto) How does your company use the cloud? Almost certainly it allows your employees to work more efficiently by enabling them to access email and vital documents wherever they are in the world. Perhaps it also enables your R&D team to process petabytes of information into useful and valuable data sets in the blink of an eye. But are you taking advantage of the benefits of the cloud to protect your email servers, support data privacy and integrity, and protect your intellectual property from cyber theft?

Emergency Preparedness Plans Must Involve Preparation For All Disasters, Including Cyber (HS Today) In September 1989, South Carolina was wildly unprepared when Hurricane Hugo — a Category 4 storm with estimated winds of 135 miles per hour — hit South Carolina's coast, claiming 49 lives, causing the equivalent of over $13 billion in damage in 2014 dollars, and displacing 60,000 from their homes

Free Wi-Fi not good 'cyber hygiene', says former Homeland Security chief (Thompson Citizen) Former U.S. Homeland Security chief Michael Chertoff has a handful of golden rules for what he calls good Internet hygiene. And the first is simple: don't use the free Wi-Fi

Tips to avoid online scammers this holiday season (Help Net Security) With Black Friday and Cyber Monday offers, often dramatically cutting prices for one day only, there will be many genuine deals to be had. The problem for many of us is how to tell the real deal from the scam. Here are five tips to prevent you gifting your money to the criminals these holidays


UTSA to train more American cities to fight cyber attacks (San Antonio Business Journal) The University of Texas at San Antonio will share in a $2.3 million grant over the next three years to help communities protect their critical assets from possible cyber attacks

DHS Announces The 2015 Cyber Student Volunteer Initiative (National Journal) The Department of Homeland Security today announced the launch of the 2015 Secretary's Honors Program Cyber Student Volunteer Initiative for current two- and four-year college students. Beginning in the spring of 2015, more than 75 selected students will complete volunteer assignments supporting the DHS cyber mission at department field offices in over 50 locations across the country

Facebook Now a Cyber Gold Sponsor for the Air Force Association's CyberPatriot Program (PRNewswire) The Air Force Association today announced that Facebook, the world's leading social media website, has partnered with CyberPatriot — the National Youth Cyber Education Program

Legislation, Policy, and Regulation

U.S. Plays Cyberspy vs. Cyberspy (Bloomberg View) With revelations that critical infrastructure in the U.S. has been under sustained attack, likely perpetrated by Russia, it's easy to forget that we're not merely a victim amid the waves of repeated cyberattacks

Cybersecurity: Time for the U.S. to Stop Negotiating with China and Start Acting (Daily Signal) It comes as no surprise that the U.S.–China cybersecurity talks at the Asia–Pacific Economic Cooperation (APEC) largely failed. While Obama was in China The Washington Post reported that the Chinese were the prime suspects in hacks against both the National Oceanic and Atmospheric Administration (NOAA) and the U.S. Postal Service (USPS)

Internet data plan back on political agenda (BBC) A law forcing firms to hand details to police identifying who was using a computer or mobile phone at a given time is to be outlined by Theresa May

NSA director: "Totally defensive" a losing strategy (Fierce Government IT) Although there are no established principles for norms in cyberspace, such as what qualifies as an "act of war," the idea that nations should refrain from offensive action and operate day-to-day completely on the defensive is not acceptable to the U.S. military, said Vice Adm. Mike Rogers, the dual-hatted head of the National Security Agency and Cyber Command

NSA privacy chief defends agency's surveillance (ComputerWorld) Rebecca Richards, the agency's first privacy director, answers public questions on Tumblr

Wyden pledges to pursue NSA reform (Oregon Bulletin) Failure of data collection bill to advance does not mean end of reform efforts

DHS Set to Destroy Governmentwide Network Surveillance Records (Nextgov) The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called Einstein that are at least three years old, but not for security reasons

California attempting to lead on data privacy rights — again (FierceBigData) Voters overwhelmingly approved a California constitutional amendment aimed explicitly at granting the right to data privacy — in 1972. No, that is not a typo. That happened in 1972. Now the state of California appears to be stepping up again to take on privacy more stringently even as legislators at the federal level cave to lobbyists

Litigation, Investigation, and Law Enforcement

Making law enforcement more difficult with mobile-device locks (News & Observer) Mobile device manufacturers are strengthening privacy protections on their products in a move that will make it more difficult for law enforcement officials to access data stored on the smartphones and tablets of criminals for which they have a warrant to search

FBI offers $1 million reward for anybody who can help catch online car scam fugitive (Naked Security) The alleged kingpin behind a multimillion-dollar online car selling scam, Romanian fugitive Nicolae Popescu, just made it onto the FBI's 10 Most-Wanted Cyber Fugitives list

Google reaches settlement with troll victim (Naked Security) Since 2011, an unknown internet troll has allegedly been lying about UK businessman Daniel Hegglin, calling him — among other things — a Mafioso, a Ku Klux Klan sympathizer, a paederast, a "bribed worm", and a "Naziterrorist principal of murders"

System admin sentenced for hacking Navy database (C4ISR & Networks) A former nuclear systems administrator with the Navy was sentenced to two years in prison for his role in the 2012 hacking of the Navy's Smart Web Move database and publicly releasing personal records of some 222,000 service members

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

After the Breach: 1st Annual DePaul University Cyber-Risk Conference (Chicago, Illinois, USA, December 2, 2014) DePaul University's Arditti Center for Risk Management, Center for Financial Services, and the College of Computing and Digital Media are proud to collaborate with Sapient Global Markets as moderators...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...

Upcoming Events

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, December 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood...

After the Breach: 1st Annual DePaul University Cyber-Risk Conference (Chicago, Illinois, USA, December 2, 2014) DePaul University's Arditti Center for Risk Management, Center for Financial Services, and the College of Computing and Digital Media are proud to collaborate with Sapient Global Markets as moderators...

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)2 Security Congress, now in its fourth year, (ISC)2 Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...
