Daily briefing.

The annual hacktivist assault on Israeli networks (and on other identifiably Jewish sites) is due to return tomorrow; many intended targets tighten security and raise awareness. (Coincidentally, a University of Haifa study finds that cyber attacks can prompt severe psychological and physical stress.)

Ireland appears to be facing a smaller hacktivist threat, this one prompted by discontentment over water utility management.

Observers note Russian success in information operations, and wonder at the lack of comparable American capability. Those observers think the gap arises in part from relatively low financial support for effective organizations with Cold War roots, in part from mismanagement in the better-resourced precincts of the State Department. Russian success seems particularly marked in social media and in online Russian news outlets like the (very American-looking) RT.

Trend Micro warns of two current threats: "NewPosThings" point-of-sale malware (found infecting airport shops) and "CRYPVAULT" (an evolved ransomware attack kit).

GitHub seems to have largely recovered from the denial-of-service attacks it suffered over the last two weeks.

VMware has patched a Java information disclosure vulnerability. Payment service Venmo upgrades to two-factor authentication. Microsoft reminds users that support for Windows Server 2003 will soon expire.

Retailers struggle to implement lessons learned from last year's data breaches. Start-ups, app developers, healthcare institutions, and universities continue to appear security laggards: enterprises in the first two categories are resource-strapped, in the second two surprisingly unaware of their risks.

Reactions to last week's US Executive Order on sanctions for cyber attacks range from celebratory to cautionary.


Today's issue includes events affecting Canada, China, Ireland, Israel, Republic of Korea, Russia, Spain, United States.

Cyber Attacks, Threats, and Vulnerabilities

ADL Warns of Antisemitic Hackers' Plan of Cyber Attacks on Jewish Institutions (JPUpdates) International hackers are setting their sights on Jewish and Israeli targets as part of what has become an annual anti-Israel cyber-attack campaign

Anonymous Hackers Vow to Shutdown IT System of Irish Government (HackRead) Anonymous hackers from Ireland have vowed to target government of Ireland on 5th May 2015, shutting down its IT system and leaking confidential information online

Sanctions-Strapped Russia Outguns the U.S. in Information War (Bloomberg) Moscow drowns out Voice of America, and facts are a casualty

'NewPosThings' malware evolves, malicious traffic traced to airports (SC Magazine) While observing the evolution of point-of-sale malware, called NewPosThings, Trend Micro traced suspicious traffic back to two U.S. airports.

CRYPVAULT: New Crypto-ransomware Encrypts and "Quarantines" Files (TrendLabs Security Intelligence Blog) We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These "quarantined" files are appended by a *.VAULT file extension, an antivirus software service that keeps any deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to an infected system

SWF Files Injecting Malicious iFrames on Wordpress, Joomla Sites (Threatpost) Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites

GitHub triumphant over its 'largest ever' cyber pummeling (Fortune) As the days-long distributed denial of service attack on GitHub subsides, more evidence links it to China

Expired Google certificate temporarily disrupts Gmail service (IDG via CSO) Google forgot to renew one of its TLS certificates, leading to service disruption Saturday for people using Gmail through third-party email clients

Bug at exposed email addresses (The Hill) A newly discovered bug at revealed email addresses of current and former subscribers and in some cases, the petitions they signed

Caminito del Rey over-booking chaos blamed on cyber-attack (EuroWeekly News) Investigations are underway to ascertain whether an alleged cyber-attack that caused over-booking for the Caminito del Rey yesterday, April 1, also affected other days

Security Patches, Mitigations, and Software Updates

VMware Fixes Java Information Disclosure Vulnerability (Threatpost) Virtual Machine maker VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in Oracle's Java runtime environment (JRE)

It's safe to use Venmo again (Techno Buffalo) Venmo's credibility took a hit last month when a vulnerability was brought to light by Slate. Basically, the lack of two-factor authentication made it really easy for accounts to be hijacked, leading many users, including one of our own, to unlink their banking information from the service

Microsoft urges companies to upgrade old servers, warns of cyberdangers (Globe and Mail) You really need to upgrade your servers, Canada

Microsoft rolls back commitment to Do Not Track (Computerworld via CSO) Will stop setting the 'don't track me' signal as on by default in its browsers

Cyber Trends

Cyber terrorism triggers severe psychological, physical stress, Haifa researchers shows (Jerusalem Post) "Vast majority of public are complacent and, until they are exposed to a personal cyber attack, they see cyber terrorism as nothing more than an inconvenience," expert says

Data breaches drive big changes for U.S. merchants (Examiner) Under the best of circumstances, business owners have a constant struggle to deal with fickle consumer tastes, increasing competition, and burdensome government regulation. But with the "data breach of the week" dominating today's headlines, the process of just getting paid is about to get even more complicated for U.S. merchants over the next three to six months

What Have You Learned, Target? (Slate) We still have no idea how to make companies take data breaches seriously

Poor Security Measures Make Startups Easy Hacking Targets (Social Times) Social media startups are full of energy and desperate to push their product to market. In this haste, basic security protocols are often overlooked. Snapchat has had many security flaws, and several Tor router projects were sunk by poor security. Because of this poor security, startups may have made themselves targets, according to The New York Times' Bits blog

Study: Half of app Makers Spend $0 on Security (Mocana On Blog) A study by the Ponemon Institute of over 400 large Fortune 500 companies reveals a staggering lack of mobile app testing, security and funding for their apps

How exposing more digital flaws could actually be harming security (Christian Science Monitor Passcode) Jeff Schmidt, whose firm discovered a widespread Microsoft bug, worries that businesses are suffering from vulnerability fatigue. As a result, he says, they aren't doing enough to protect themselves from digital assaults

RSA Conference 2015 preview: Is IoT hype justified? (TechTarget) The Internet of Things dominates the agenda at RSA Conference 2015, but experts believe enterprises should focus their attention on threat intelligence and other topics

Are you safe in the Internet of Things? (USA TODAY) The Internet of Things, the popular name for the technology by which devices are connected and controlled over the Internet, is big, and it is only getting bigger. The presently estimated number of Internet of Things devices of 4.9 billion devices is expected to rise to 25 billion by 2020. IBM has recognized the opportunities present in the Internet of Things and earlier this week announced it is investing $3 billion in a new business unit that will focus entirely on developing products and services for the Internet of Things


Boards must up their game before the hackers claim checkmate (Help Net Security) In today's climate, the cyber security paradigm is a reactive cycle. When a threat is uncovered, it is examined and a counter-measure is created, with response times varying from weeks to years

Air Force Picks 17 for $6B Network Operations Support IDIQ (GovConWire) The U.S. Air Force has awarded 17 companies spots on a potential seven-year, $5.79 billion contract meant to provide federal civilian and military agencies with network operations and infrastructure services

RedSeal relaunches with new features and $17M in funding (Vator News) RedSeal develops security risk management software so companies can eliminate cyber threats

Hudson's Corero opens Scotland R&D office (Worcester Business Journal) Internet security provider Corero Network Security of Hudson will open a research and development center in Scotland, the company announced Thursday

WatchGuard Technologies Named to JMP Securities' Fast 50 List of Hottest Privately Held Security and Networking Companies (PRNewswire) Report highlights WatchGuard's modular platform approach, ability to continually innovate to keep up-to-date with ever-changing threat landscape

FireHost CEO steps down; founder takes over top position (Dallas Morning News) FireHost founder Chris Drake is back at the top spot after CEO Jim Lewandowski stepped down two weeks ago for personal reasons, the Richardson-based secure cloud provider said today

Products, Services, and Solutions

Intel, Broadcom Look to Secure IoT Payments (eWeek) Intel is partnering with Ingenico to develop devices to secure credit card payments, while Broadcom's new chips offer integrated NFC capabilities

Blue Coat Systems and Prelert Partner to Provide Anomaly Detection in Security Solutions (Framingham Patch) Prelert is a Framingham-based company

Barracuda Mobile Companion (ZDNet) The Barracuda Mobile Companion works with the Barracuda Mobile Device Manager and allows organizations to centrally manage Android devices. The agent is used to enroll devices with the cloud-based Barracuda Mobile Device Manager

Technologies, Techniques, and Standards

Guidelines on the auditing framework for Trust Service Providers (Help Net Security) A new ENISA report provides guidelines on the auditing framework for Trust Service Providers (TSPs). These guidelines can be used by TSPs (preparing for audits) and Conformity Assessment Bodies (auditors) having to undergo regular auditing — as set by the eIDAS regulation — and offer a set of good practices which can be used at an organizational level

PCI Security Standards Council Releases Tokenization Product Guidelines (SecurityWeek) The PCI Security Standards Council announced on Thursday the availability of guidelines designed to help organizations develop tokenization products

Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse (Dark Reading) Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here's proof

Putting IT In Perspective: Threat Intelligence (Business2Community) "Threat Intelligence" is one of those terms that high-tech marketers have recently grabbed on to, and are currently riding hard — you can check this out for yourself, with a quick look on Google Trends

The Unfolding Role of Risk Managers — New Demands, New Talent (Forbes) Melissa Sexton, CFA is the head of Product and Investment Risk for Morgan Stanley Wealth Management. Prior to this, she spent nearly a decade serving as Chief Risk Officer at two different hedge funds in New York. Most of Melissa's 25 years of experience has been in a variety of risk management roles, though she has also traded derivatives and worked in operations, and has continuously worked on projects which integrate risk management with information technology. Ms. Sexton is a member of PRMIA New York's steering committee, received a BA in Mathematics and Economics from Boston University, and was awarded her CFA charter in 2001

How to Build a Successful IT Security Awareness Program (Tripwire: the State of Security) The first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture

Anthem and Premera data breaches put healthcare industry on notice (IT Pro Portal) Recent headlines have put the healthcare industry in the spotlight, and have many asking if current security best practices are enough

Chris Thomas of RSA shares his views on hacking incidents in the corporate world (DNA India) The number of hacking incidents are constantly rising and companies are struggling to keep up with the attackers. In an exclusive interview at Black Hat Asia 2015, Chris Thomas, Security Analytics and Advanced Security Operations Specialist, Asia Pacific & Japan, RSA speaks to Krishna Bahirwani and shares his thoughts on where organizations are going wrong

The Cloud Could Be Your Best Security Bet (TechCrunch) Conventional IT wisdom says that you're safer and more secure when you control your own on-premises datacenter. Yet if you think about every major data breach over the last two years, whether Anthem, Sony, JPMorgan or Target, all involved on-premises datacenters, not the cloud

Encryption Still the Preferred Method for Protecting Cloud Data: Report (American Banker) Encryption still vastly outpaces tokenization as a means of defending data in the cloud, according to a new report from a cloud data cybersecurity firm, CipherCloud

Big companies aren't as well protected as they think ( Brooklyn) Experts on enterprise cybersecurity discuss the Department of Commerce's guidance for keeping data and critical IT infrastructure safe

Security Is More than a Password — It's a Signature (CoinTelegraph) The technology behind Bitcoin and the blockchain is secure; we know this because it leverages mathematically proven cryptographic protocols. Known as the Elliptic Curve Digital Signature Algorithm (ECDSA), they "ensure that [Bitcoin] funds can only be spent by their rightful owners." However, this level of security doesn't always transfer to the businesses and applications offering services in the Bitcoin industry today

Defense-in-Policy begets Defense-in-Depth (SANS Infosec Reading Room) The majority of companies today focus solely on technical requirements for an information security program. When addressing the legendary AIC triad, companies focus on pulling controls from three categories: Administrative, Technical/Logical, and Physical/Environmental. Often, the Administrative category is overlooked, disregarded, and not given enough focus and attention from the business which can spell disaster for the security process as it provides the foundation and framework for the entire security program

DoD breaks mobile security roadblock (Federal News Radio) Securing smartphones and tablets is a lot easier said than done for most agencies. Federal security experts still are trying to find the right balance between mobile access and security of data and applications

The Shrinks Who Only See CIA Officers (Daily Beast) Some U.S. intelligence analysts spend days scouring ISIS beheading videos and jihadists' porn. When it gets to be too much, there's a cadre of therapists on call

Design and Innovation

Windows May Go Open Source: What It Really Means For Developers And Consumers (Tech Times) Microsoft — set to release Windows 10 later this year — is firmly established as the king of software. In spite of this, the company is open to change: Windows could soon become open source

Research and Development

The Quantum Leap into Computing and Communication: a Chinese Perspective (Eurasia Review) A nation's success in military operations often rises and falls on the basis of how well it communicates. When a nation does not secure its communications effectively, its enemies intercept and read its communications and win thereby military and diplomatic advantages

HITRUST to Launch First Comprehensive Study of Targeted Cyber Threats Impacting Healthcare Industry (BusinessWire) Lack of empirical data to be addressed by collecting and analyzing the methods, magnitude and pervasiveness of cyber threats


Competition pits students against simulated cyberattacks (News@Northwestern) A medium-sized health insurance company fires its IT staff, citing gross incompetence, and then hires a new team to defend its network against a band of highly skilled hackers looking for private data

Legislation, Policy, and Regulation

Turkey blocks Twitter, YouTube over hostage photo (Hurriyet Daily News) Turkish authorities have blocked access to Twitter and YouTube over their refusal to remove photos of a prosecutor who was taken hostage by militants in Istanbul. The ban on Facebook, on the other hand, has been lifted after the website complied with the court ruling

MP Rathgeber wants tougher oversight of electronic spy agency (Ottawa Citizen) Canada's system of watching the watchers needs better vision, says maverick MP Brent Rathgeber

Park, Obama Both Move to Strengthen Cyber Security (Business Korea) President Park Geun-hye appointed a new cyber security secretary, a newly-created post, presidential spokesman Min Kyung-wook said on Friday. Shin In-seop, a brigadier general who served as deputy commander of the military cyber command, will be integral to the latest government effort to strengthen the top office's role in cyber security. The move came three days after the Cabinet's approval of the new post

Anti-Hacker Executive Order: 5 Concerns (GovInfoSecurity) Security experts sound attribution, retribution warnings

New White House Executive Order: Sanctions in Response to Cyber Intrusions (The Adversary Manifesto by CrowdStrike) For the last 4 years, I have persistently advocated for a trade sanction approach in response to the vast economic espionage being conducted by numerous nation-states and foreign corporate threat actors

Expansion Of Federal Laws Won’t Deter Rogue States Or Diffuse Hacking Groups Trolling Web For Vulnerabilities (HS Today) In conjunction with the recent State of the Union Address, the White House announced a package of legislative proposals titled, Modernizing Law Enforcement Authorities to Combat Cyber Crime, aimed at providing law enforcement the "appropriate tools to investigate, disrupt and prosecute cyber crime"

Lawmakers in cybersecurity rush (The Hill) Lawmakers are rushing to pass a major cybersecurity bill this month before a divisive debate over reauthorizing the National Security Agency's surveillance programs bogs them down

Top GOP senator touts cyber privacy bill (The Hill) A top Senate Republican on Saturday touted a major Senate cyber bill aimed at better protecting privacy

Advancing cyber bills spark fresh NSA worries (The Hill) The House Intelligence panel is preparing to move a cybersecurity bill that privacy advocates argue would embolden the National Security Agency (NSA)

Strengthen privacy rights (Post and Courier) A major piece of business that Congress failed to complete last year was to strengthen the privacy rights of Americans by curtailing government spying on them. It should be at the top of the agenda this year

How the 2016 Republicans Will Debate NSA Reform (National Journal) Rand Paul and Ted Cruz are likely going to hit their opponents — and each other — early and often for backing mass surveillance

Senator wants bomb-making information removed from the Internet (CSO) After two U.S. women were charged this week with conspiring to build bombs in support of terrorist groups, a U.S. senator wants two publications that include bomb-making instructions deleted from the Internet

NSA looks to continue cybersecurity partnership with private sector (FCW via Washington Technology) National Security Agency Director Adm. Michael Rogers called for closer and more rapid collaboration with the private sector in investigating cyber intrusions

Litigation, Investigation, and Law Enforcement

After Obama's cybersecurity order threatens Snowden fund, bitcoin donations spike (ZDNet) A new executive order is said to have made it illegal to donate to Edward Snowden's fund, which didn't go down so well with one good-spirited community

Oregon man wants to be arrested for donating Bitcoin to Edward Snowden (New York Daily News) An Oregon computer programmer hopes a measly donation of $0.33 in Bitcoin to Edward Snowden's legal fees lands him in trouble with the U.S. government

On John Oliver, Edward Snowden Says Keep Taking Dick Pics (Wired) John Oliver is worried that you don't care about government surveillance because you have no idea what it is. After doing an informal poll of passersby in Times Square, who for the most part had no idea who whistle-blower Edward Snowden was or what it was he leaked, Oliver said Sunday, "It seems like we've kind of forgotten to have a debate over what Snowden leaked"

Can a Company Remotely Wipe an Ex-Employee's Device? (Dark Matters) One of my favorite sayings about cyber risk is "an ounce of prevention is cheaper than the very first day of litigation." A recent case provides a nice example of exactly what I mean. In this case, an effective BYOD policy could have saved this company tens of thousands of dollars, at least

Cyber-bullying summit in Limerick will honour Phoebe Prince (Limerick Leader) Young people in Limerick will have a chance to influence online safety policy for social networks — and legislation in the area of cyber-bullying — by taking part in a summit being held in the city next month

California Attorney General Announces 18-Year-Prison Sentence For Cyber-Exploiter Who Created Revenge-Porn Site (CBS Los Angeles) California Attorney General Kamala Harris Friday announced that a man convicted of cyber-exploitation was given a nearly 20-year prison sentence

Monroe High School student hacker disrupts school district Internet (Monroe News) A Monroe High School student is facing possible felony criminal charges after the district's computer system was hacked and its Internet service disrupted several times over the past two weeks

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of...

Upcoming Events

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks...

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are...

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts...

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge...

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter,...

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external...

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored...

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current...

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges...

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...
