Daily briefing.

ISIS has long used Twitter and YouTube for recruiting, and it also draws significant donations from fundraising in social media. The US Treasury Department is working to disrupt that, as well as ISIS's use of conventional banking to collect, save, and move money. A whiff of ISIS's bad odor inevitably clings to Twitter, so it's worth remembering Twitter's positive role in 2009's Iranian dissent (a false dawn, but bright while it lasted).

The Pawn Storm cyber-espionage campaign shows what bad actors can achieve through social engineering. A sophisticated, patient organization (probably Russian, say some observers) did its homework, and the preparation paid off.

Microsoft's patches may have slowed Sandworm, but Sandworm seems to have regained its slither. Another recently patched set of vulnerabilities — these in Flash Player — is attacked in the wild: at least two exploit kits are available.

CryptoWall nearly destroyed an unnamed US not-for-profit recently. The ransomware continues its dangerous spread.

Another familiar malware family, the Backoff RAM-scraper, is also infecting machines at an increasing rate, this despite Backoff's very public prominence in retail data breaches.

Malvertising campaigns against commercial targets provide criminals with steady cash flow.

Cisco patches a Telnet remote-execution vulnerability. VMware fixes an information-disclosure bug in vSphere.

A new consortium forms to help franchise businesses with cyber security: DHS, NCSA, and IFA are in.

ESG sees a clear trend toward investment in "cybersecurity cavalry" as opposed to traditional network defenses.

Yesterday's attack on Canada's Parliament is thought to augur more extensive surveillance in that country.

Notes.

Today's issue includes events affecting Australia, Canada, France, Iraq, Netherlands, Pakistan, Philippines, Poland, Russia, Syria, Turkey, Ukraine, United Kingdom, United States, Vatican.

CyberMaryland arrives in Baltimore next week, and the CyberWire will cover the conference with special issues and live tweets from the sessions. Watch for our coverage October 29 and 30.

Cyber Attacks, Threats, and Vulnerabilities

ISIS rakes in donations on Twitter (The Hill) The United States is "very focused" on disrupting the social media fundraising by supporters of the Islamic State in Iraq and Syria (ISIS), the Treasury Department said Thursday

Surprise! ISIL is using banks, and that makes it vulnerable (Quartz) We've long known that the Islamic State pulls in vast sums of money from oil sales, extortion, ransom, and donations — but it turns out that the group is also, somewhat improbably, using the international financial system to manage its money

Iran Protests: Twitter, the Medium of the Movement (TIME) The U.S. State Department doesn't usually take an interest in the maintenance schedules of dotcom start-ups. But over the weekend, officials there reached out to Twitter and asked them to delay a network upgrade that was scheduled for Monday night. The reason? To protect the interests of Iranians using the service to protest the presidential election that took place on June 12

Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users (IDG via CSO) A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics (Help Net Security) In a recently released whitepaper, Trend Micro researchers have shared many details about a long-standing economic and political cyber-espionage operation they dubbed Pawn Storm

US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm' (Dark Reading) Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions

Attackers bypass Sandworm patch with new 0-day (Help Net Security) The Sandworm vulnerability has been patched, but unfortunately attackers have discovered a way to bypass the patch and continue with their targeted attacks

Has the "Sandworm" zero-day exploit burrowed back to the surface? (Naked Security) You've probably heard of Sandworm

Two exploit kits prey on Flash Player flaw patched only last week (Help Net Security) Two exploit kits have been outfitted with the exploit for a Flash Player vulnerability that has been patched only a week ago, the researcher that goes by the handle Kafeine has shared on Tuesday

Disaster as CryptoWall encrypts US firm's entire server installation (CSO) "Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating

The 'Backoff' malware linked to data breaches is spreading (IDG via CSO) The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa

Are You Vulnerable to Memory Scraping? (And What to Do About It) (Fishnet Security) The Target breach that first made news in late 2013 was facilitated using "memory scraping malware" called "BlackPOS" or "TrackR" running on the Point of Sale (POS) systems. While many pundits have given Target a hard time, claiming they were misconfigured or that PCI compliance did not result in adequate security for cardholders, the truth is sensitive data having permanence in memory is a very prevalent problem affecting many types of point of sale systems. Worse yet, there is no quick and easy solution

Security Experts: Remove Reimage Optimization Tool (GDN9) According to the latest security research, the suspicious computer optimization tool Reimage has managed to install itself on numerous computers without the permission of their users

Abandoned subdomains pose security risk for businesses (IDG via CIO) Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit

Check Point suggests ways to thwart Admin WebUI exploits (InfoTechLead) Check Point Software Technologies announced that its Security Research Group has discovered vulnerabilities in the Admin WebUI portals of three network security vendors

'Malvertising' Crooks Earn $25,000 A Day Attacking Yahoo And AOL Users (Forbes) Cyber criminals were making an estimated $25,000 a day by forcing a host of big name websites, including Yahoo! finance and sports sites, The Atlantic and a real estate service belonging to AOL, to chuck malware at visitors' PCs. Though none of those sites were hacked, they were serving ads from compromised advertising networks, in an attack type known as "malvertising"

Zeus malware: Analyzing next-generation features (TechTarget) An updated, 64-bit version of the Zeus malware leverages Tor for C&C. What does this mean for enterprises?

Fokirtor Trojan: How to avoid infection, boost Linux security (TechTarget) The Fokirtor Trojan creates a dangerous backdoor in Linux systems. Learn how to keep enterprise Linux systems from being infiltrated and compromised

VBS worms: Still dangerous? (TechTarget) VBS worms were a top security concern in the early 2000s. Should enterprises still be worried? Nick Lewis explains

Personal information of almost 100,000 people exposed through flaw on site for transcripts (Washington Post) The personal information of almost 100,000 people seeking their high school transcripts was recently exposed on a Web site that helps students obtain their records. The site, NeedMyTranscript.com, facilitates requests from all 50 states and covers more than 18,000 high schools around the country, according to its Web site and company chief executive officer

Few vets use free credit monitoring after VA breaches (Military Times) Only about one in 25 veterans offered free credit monitoring in the wake of Veterans Affairs Department security breaches has signed up for the service, a figure that VA officials call disappointingly low

Employee Error at Touchstone Medical Imaging Exposes 307,528 Patients' Personal Data (eSecurity Planet) A folder containing billing information was mistakenly left accessible online

Security Patches, Mitigations, and Software Updates

Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances (Threatpost) There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years

VMSA-2014-0011 (VMware Security Advisories) VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability

Google rolling out new anti-piracy search algorithm (Ars Technica) "We've now refined the signal in ways we expect to visibly affect the rankings"

About the security content of QuickTime 7.7.6 (Apple Support) This document describes the security content of QuickTime 7.7.6. This update can be downloaded and installed using Software Update, or from the Apple Support website. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website

Microsoft offers two-factor authentication in Windows 10 (ITNews) Microsoft will bake two-factor authentication into its new Windows 10 operating system in an effort to avoid the data theft and systems break-ins that arise from the insecure single-password approach, the company said

Chipmaker deliberately cripples user devices with driver update (CSO) FTDI's anti-piracy efforts are intentionally bricking consumer devices

Cyber Trends

Your business can't afford the cost of cyber crime (CSO) It's not a surprise that cyber crime is costly for organizations. The cost of any lost productivity, combined with the fallout of any compromised data, the impact to the organization's reputation, and the cost to clean up and recover from an attack all add up

How cybercrime and cybersecurity affects nations and geopolitics (Crowdstrike Adversary Manifesto) The Adversary Manifesto recently spoke with Shawn Henry, President of CrowdStrike Services about geopolitics and cybersecurity. Henry is a sought-after expert on cybersecurity who was formerly the executive assistant director for the FBI. While there, Henry boosted the organization's computer crime and cybersecurity investigative capabilities

Cyber security's "Doomsday Warning" (Microscope) Earlier this month, President Obama spoke of a devastating wave of cyber attacks that could soon strike the US in what Washington insiders are calling a "Doomsday Warning"

3 Enterprise Security Tenets To Take Personally (InformationWeek) Individuals need to become conscious advocates for their own security — after all, no one cares about your data like you do

Security skills shortage leaving the UK open to attack (Microscope) Across the industry warnings are being sounded about looming skills shortages that are going to hinder the ability for firms to compete and innovate in the future

Marketplace

Cybersecurity help coming for franchises (The Hill) Two industry groups are teaming up to help franchise businesses learn about cybersecurity. The National Cyber Security Alliance (NCSA) — backed by companies such as Facebook, Google and Microsoft, as well as the Department of Homeland Security — will work with the International Franchise Association (IFA) on basic cybersecurity strategy

Enterprises Establish a 'Cybersecurity Cavalry' (Networkworld) As expert group gains status and budget, large organizations are moving away from the status quo

Tech firms form new security alliance, while new study details carding black market (FierceCIO) A new alliance of technology companies has formed "to help stem the rising tide of cybersecurity threats"

10 Things IT Probably Doesn't Know About Cyber Insurance (Dark Reading) Understand the benefits and the pitfalls you might miss when evaluating cyber policies

Who controls the data? The answer will be critical to insurers (Accenture Insurance Blog) Data privacy is set to be the catalyst for the emergence of a totally new business model: the trusted ecosystem

Angel Investing in Cybersecurity: Understanding the Technology (Mach37) In our White Paper "Angel Investing in Cybersecurity: Aligning With a Vertical Accelerator," we make the argument that by partnering with a vertical accelerator, angel investors can bridge the knowledge gap caused by the technical complexity of the cybersecurity market and establish the confidence needed to invest in it

The Laborers Who Keep Dick Pics and Beheadings Out of Your Facebook Feed (Wired) The campuses of the tech industry are famous for their lavish cafeterias, cushy shuttles, and on-site laundry services. But on a muggy February afternoon, some of these companies' most important work is being done 7,000 miles away, on the second floor of a former elementary school at the end of a row of auto mechanics' stalls in Bacoor, a gritty Filipino town 13 miles southwest of Manila

Force 3 Names Steve Scribner as New CFO (PRWeb) Force 3, delivering the best in federal security, collaboration, next-generation networking, and support solutions, today announced Steve Scribner as their new Chief Financial Officer

White Ops adds big-name security veteran (New York Business Journal) The ad-fraud detecting startup White Ops has added another senior-level veteran of the computer security industry to its team, hiring Eddie Schwartz as its first president and chief operating officer

Bricata, LLC Announces Management Team (Virtual-Strategy) Bricata announces the formation of its management team, bringing together nearly eight decades of combined cyber security, engineering, sales, and management experience

Products, Services, and Solutions

secunet wins PKI tender from the Norwegian Police (Biometric Update) Secunet has been awarded with a contract in which the Norwegian Police will use secunet's public key infrastructure as the basis to check electronic travel documents, as well as issue electronic passports and electronic residence permits in the near future

SolarWinds solutions approved for secure government deployment (Financial News) SolarWinds (NYSE: SWI) reported that multiple products are now certified under the Common Criteria for Information Technology Security Evaluation, an internationally recognized standard for computer security achieved through independent laboratory testing and evaluation

Blackthorn Technologies Launch Game-Changing Product Portfolio (Sys-Con Media) Blackthorn Technologies, a London-based software company, unveiled its new approach to product development today with the release of its first product from a new suite of software solutions aimed at large organisations who value data sensitivity and security

ESET bolsters flagship products (IT Web) Security solutions vendor ESET has unveiled the latest versions of its flagship security software products, ESET NOD32 Antivirus n8 and ESET Smart Security 8

Cutting-edge software helps detect cyberattacks, insider threats (Security Info Watch) Exabeam solution learns normal user behaviors and provides alerts about potential anomalies

Bitdefender Reveals Portable Adware Removal Tool (JBG News) Bitdefender has announced yet another way to keep you safe from the harmful viruses, adware, and malware available across the Internet, albeit with more of a focus on the adware aspect this time around. The security company has unveiled the Bitdefender Adware Removal Tool for PC. The tool is currently in the midst of its first public beta. The program will detect and remove any unwanted software from your computer, ensuring nothing harmful remains and you're cleaned up perfectly

OPSWAT Introduces IP Scanning in Metascan Online (Virtual-Strategy) New IP scanning functionality of Metascan Online can help users guard against security risks from malicious and compromised websites

Snort 2.9.7.0 has been released! (Snort Blog) Snort 2.9.7.0 is now available on snort.org in the Snort Stable Release section

Authentic8 Enhances Silo for Enterprise Information Security Researchers (Marketwired) The one-time use browser and storage system adds a network of global Internet exit nodes for isolated and anonymous data analysis

Technologies, Techniques, and Standards

Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely (Wired) Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it's no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet "anonymity" or "invisibility." And as with any panacea in a box, the quicker the fix, the more doubt it deserves

Shellshock a Fail for Security Disclosure (eSecurity Planet) Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities

Hacked: What to Do When Cybercriminals Hit Your Firm (ThinkAdvisor) Kimberly Foss of Empyrion Wealth shares her experiences with cybercrime and how she's protecting her business

Security pros forgetting the basics, complains expert (IT World Canada) All IT security conferences have one thing in common: Speakers have dozens of ghastly, yet funny, stories of blunders

Cyber resilience: Why networks matter (C4ISR & Networks) To encourage a more stable, safe and resilient cyberspace, President Obama issued Executive Order 13636 in early 2013, which called for the establishment of a set of security standards for critical infrastructure, including military operations

How to kill a troll (Naked Security) A new Pew Research Center survey on online harassment — the first such of its kind undertaken by Pew — confirms what most of us already know: the internet can be a vicious, frightening place, especially for young people, and most particularly so for young women

Twitter invites us to say goodbye to passwords, use Digits instead (Naked Security) Passwords, says Twitter senior product manager Michael Ducker, "just suck"

Do we really need strong passwords? (Naked Security) The idea that computer users should use long, complex passwords is one of computer security's sacred cows and something we write about a great deal at Naked Security

'Spam Nation' Publisher Discloses Card Breach (KrebsOnSecurity) In the interests of full disclosure: Sourcebooks — the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information

Academia

Lessons in cybersecurity launched for schoolchildren (Telegraph) Secondary pupils across the UK will take part in cybersecurity lessons as Cabinet funded resources are launched in response to the rising industry skills gap

Trend Micro Supports Next Generation of Cybersecurity Professionals (CNN Money) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software, announced today its participation as a diamond sponsor of Carnegie Mellon University's annual "capture the flag" computer security game challenge, picoCTF2014

Legislation, Policy, and Regulation

Fort Meade and the Maple Leaf (Foreign Policy) The terror attacks in Ottawa mean that NSA-style surveillance could be coming to Canada much faster than anyone thought

Computer users who damage national security could face jail (Guardian) Human rights experts criticise proposed legislation saying new law could be used to target legitimate whistleblowers

Director of National Security Agency speaks about private, government partnerships in cyber defense (Augusta Chronicle) The director of the National Security Agency said Thursday that the nation's security rests on breaking down barriers between private and government sectors specializing in cyber defense

DTCC urges greater collaboration on cyber-crime threats (COOConnect) A white paper published by the Depository Trust & Clearing Corporation (DTCC) has urged regulators and financial institutions to collaborate more on the increasing threats posed by cyber-crime

Experts Fret Cyber Risk to Electronic Health Records (National Law Journal) A cybersecurity framework for medical devices and health-care technology needs to be developed in a partnership between the government, manufacturers and health-care providers, officials from across the public and private sectors said during a workshop convened by the U.S. Food and Drug Administration

Cybersecurity Legislation Forecast is Grim (Threatpost) If you're expecting federal cybersecurity legislation any time soon, forget it

House CISO Talks Threat Landscape, Challenges with Information Sharing (Wall Street Journal) Darren Van Booven, CISO of the U.S. House of Representatives, runs into many of the same technological challenges as CISOs of big companies. He sat down with CIO Journal on the sidelines of the SC Congress, an information security conference hosted by SC Magazine, this week to discuss how he approaches both insider and outsider security threats, the role of information sharing in the government, and the importance of the security product portfolio. Here are edited excerpts

New York Financial Regulator Shifts Agency's Focus on to Cyber Security (SC Magazine) New York's financial regulator said on Monday his agency will focus on cyber security over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night. Benjamin Lawsky, superintendent of the Department of Financial Services for the state of New York said, "It is impossible to take it seriously enough"

Cyber disruption team practices online warfare (NBC 10 WJAR) Inside Rhode Island State Police headquarters, the National Guard, law enforcement and IT experts are training to be on the front lines of online warfare

Karen DeSalvo steps down from ONC post; Jacob Reider to leave in November (FierceHealthIT) Former National Coordinator will serve on HHS Ebola task force

Litigation, Investigation, and Law Enforcement

Where Is the Investigation Into Financial Corruption at the NSA? (The Atlantic) Suspicious business dealings by several high-ranking officials easily warrant an inquiry. Does anyone in Congress care enough to make it happen?

Why Was the NSA Chief Playing the Market? (Foreign Policy) Newly released documents show the NSA chief was investing his money in commodities so obscure that most financial pros stay away

Court Finds, Again, That Device ID Is Not Personally Identifiable Information (PII) Under The Video Privacy Protection Act (VPPA) (Global Regulatory Enforcement Blog) On October 8, 2014, a district court judge in Georgia dismissed with prejudice a Video Privacy Protection Act (VPPA) action against The Cartoon Network (CN), holding that the disclosure of the plaintiff's Android ID was not actionable because the Android ID did not qualify as "personally identifiable information" (PII)

10-Year-Old Filipino Virtual Girl "Sweetie" Takes Pedophile To Prison In Australia (HackRead) An Australian citizen Scott Robert Hansen, 37, was sentenced to one year in prison for keeping obscene conversations with children on the internet. Hansen was caught by Sweetie, a ten-year-old Filipino virtual girl

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Upcoming Events

Hack.lu 2014 (arc Hotel Alvisse, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Securing the Social Space (Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...
