
Daily briefing.

More reports from France point to the relatively long preparation involved in the relatively low-tech hack of TV5Monde.

Trustwave shares its discovery of "Punkey," a new point-of-sale malware variant. (Some details are appropriately redacted, given that the discovery occurred in the course of Trustwave's support of a US Secret Service investigation.)

Norse and Cylance independently warn of increased Iranian cyber operations.

Observers digest this week's US Government Accountability Office (GAO) report on commercial air vulnerability to hacking. Some concerns surround the Federal Aviation Administration's upgraded air traffic control system; others are prompted by increased flight deck connectivity. Hijacking flights by Wi-Fi is (for now) a bit of a stretch, but there's clearly a significantly expanded attack surface in airliners now entering service.

This and other threats prompt renewed discussion of cyber threat (and response) sharing. Several platforms are compared; the market continues to worry about the intersection of IP, regulation, litigation, and technology. Recorded Future likens threat intelligence to a "judo move" in responsive defense. Fast Company reports an interesting design for anonymized cyber information sharing from start-up Trustar. The government can subpoena Trustar all day long, but since the company doesn't hold its customers' encryption keys, it couldn't surrender customers' data even if it wanted to.

International meetings on privacy continue in the Hague. The US Congress continues to mull legislation affecting not only surveillance, but also privacy and incentives for businesses to report and share cyber threat intelligence.

Oracle stops patching Java 7. Issues surface with some April Microsoft patches.


Today's issue includes events affecting Australia, Brazil, China, Egypt, European Union, France, Germany, Iran, Iraq, Russia, Syria, United Kingdom, United States.

The CyberWire will be covering RSA 2015 in San Francisco next week. Look for special issues devoted to the event beginning with a preview tomorrow.

Cyber Attacks, Threats, and Vulnerabilities

Jihadist cyber-attack on French TV began in January: sources (France Expatica) The jihadist cyber-attack against French television channel TV5Monde last week was set in motion in January, several sources with knowledge of the investigation said on Tuesday

Punkey POS Malware Sets Sights on More Retailers (Infosecurity Magazine) Researchers involved in a US Secret Service investigation have found a potentially prolific piece of advanced POS malware which could come from the same code base as the previously discovered NewPosThings family

New POS Malware Emerges — Punkey (Trustwave: SpiderLabs® Blog) During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware, that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at Arbor Networks. While this malware shares some commonalities with that family, it departs from the standard operating procedure of the previous versions rather dramatically. In a blog post, TrendMicro also detailed recently compiled versions of the NewPOSthings family that bear a closer resemblance to NewPOSthings than Punkey. This suggests that multiple actors may be using similar source code, or the malware is being customized as a service for targeted campaigns. Because of the active investigation, I cannot reveal C&C domains used in the samples

Alert (TA15-105A) Simda Botnet (US-CERT) The Simda botnet — a network of computers infected with self-propagating malware — has compromised more than 770,000 computers worldwide. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations

FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen (Government Accountability Office) As the agency transitions to the Next Generation Air Transportation System (NextGen), the Federal Aviation Administration (FAA) faces cybersecurity challenges in at least three areas: (1) protecting air-traffic control (ATC) information systems, (2) protecting aircraft avionics used to operate and guide aircraft, and (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices

Hackers' Newest Target: Airplanes (Foreign Policy) The newest terrorist threat to planes? Wi-Fi

Hackers Could Commandeer New Planes Through Passenger Wi-Fi (Wired) Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable

Sony Corp (ADR) (SNE) Cyber-Attack Scenario Might Be Revisited On Other Companies: Former Hacker (Bidness Etc.) Ex-hacker and now VP of Cylance stated that the looming threat of more hacks is imminent as price of electronic equipment coupled with technical sophistication is easily available

Troubleshooting feature on Cisco routers is open to data-slurp abuse (Register) Mad skillz + $10k = DIY NSA

Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 (TrendLabs Security Intelligence Blog) On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited, and how Trend Micro can protect against future possible attacks

Bishop Fox Security Research Team Discovers Major Authentication Bug in Popular AirDroid App (PRWeb) Vulnerability allows attackers to remotely take control over every AirDroid feature, even when not running

Dropbox users continue to unwittingly leak tax returns and other private data (Graham Cluley) Readers with good memories will recall a worrying privacy hole was found in Dropbox after publicly accessible links to private personal information stored on the service leaked out to unauthorised users

Recorded Future Explains Why People Thought It Was Crawling Your Facebook Chats (BostInno) We're all pretty quick to believe that the government is peeking at what we do on our computers, right? Maybe a little too quick sometimes

Security Patches, Mitigations, and Software Updates

Oracle to end publicly available security fixes for Java 7 this month (InfoWorld) Users must sign long-term support deals or migrate to Java 8 to avoid 'enormous headache and disruption to millions of applications'

Microsoft woes: Patch KB 3013769, Skype for Business, Windows 10 nagware (InfoWorld) Several of this month's Black Tuesday patches are already showing signs of trouble

Cyber Trends

Opinion: Threat intelligence is the judo move needed to take down hackers (Christian Science Monitor Passcode) Advanced techniques for quickly tracking and analyzing the behavior and tactics of criminal hackers gives companies the tools to defend against emerging cyberthreats

Targeted Attack Trends 2014 Annual Report (Trend Micro) Targeted attacks, aka advanced persistent threats (APTs), refer to a category of threats that aim to exfiltrate data. These comprise six components — intelligence gathering, point of entry, command and control (C&C), lateral movement, asset/data discovery, and data exfiltration, which includes a maintenance phase that allows threat actors to maintain their foothold within networks. Attackers initially gather target victims' profile information, which is then used as a delivery mechanism to gain entry into their networks. Once communication between compromised systems and C&C servers under attacker control is established, threat actors can then laterally move throughout the network and identify sensitive files to exfiltrate. In data exfiltration, an organization's "crown jewels" are transferred to a location predefined by the attackers

There's TOO MANY data-leaking healthcare firms, growls Symantec (Register) Problems often related to 'poorly patched devices'

How much will a data breach cost your company? (ComputerWorld) Verizon's 2015 Data Breach Investigations Report wants to help enterprises put a dollar figure on the cost of security failures

Enterprise Security Trends that Will Rule 2015 (TechZone360) From 3D printers that can replicate the intricate details of the human heart to wearable technology that tracks everything from blood pressure to incoming emails, 2015 shows great promise in becoming "Year One" of the new digital world order. But before we get too distracted, it's worth paying attention to — and learning from — the past, which has consistently revealed where even the most established industry giants stumble: enterprise security

Key trends for risk-prone behavior in the workforce (Help Net Security) Businesses are ill prepared for the high-risk, high-growth mindset of the GenMobile workforce, creating alarming disparity around security practices in the corporate world. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the security of corporate data

Compromised credentials haunt cloud app usage (Help Net Security) Netskope found that more than seven out of ten uploads from users with compromised accounts are to apps with a "poor" rating in the Netskope Cloud Confidence Index. Additionally, 21.6 percent of logins to the Salesforce app come from compromised accounts. Cloud app usage continues to grow across enterprise organizations, more than 25 percent of organizations use more than 1,000 apps

Here's Why You Need To Worry About Data Breaches (Vocativ) Every bit of seemingly meaningless stolen personal info is a step closer to your bank account

Top cyber words for 2015 (Augusta Chronicle) When I spoke at the International Conference on Cyber Security in New York in January, officials including Director of National Intelligence Jim Clapper and FBI Director James Comey spoke eloquently about "changing the calculus" of cyber attacks. Lisa Monaco, assistant to the president for homeland security and counterterrorism, was passionate about how serious the White House takes critical infrastructure protection

The Great Cannon, Heartbleed, and POODLE (Slate) How cybersecurity threats get names — and why they're important


Investors reluctant to put funds into hacked businesses, warns KPMG (Computing) Investors are reluctant to put their money into organisations that have been hacked, a study by KPMG has claimed, with the professional services firm warning that some boardrooms still fail to take cyber security seriously

Meet Tanium, The Secret Cybersecurity Weapon Of Target, Visa And Amazon (Forbes) A father-son duo came from out of nowhere with a more clever idea to protect networks from hackers — and now have a $1.75 billion startup with $160 million in the bank

The Investors Behind The Next Billion Dollar Startups (Forbes) While the aim of this latest Forbes list is to honor the founders of the next billion dollar tech startups and their teams, credit is also due to the investors backing them. Of the five firms listed below, nearly all have been venture capital stalwarts for decades, with just one exception (the six-year-old Andreessen Horowitz). But in every case, the value of brand and judgment, tested by market cycles and challenged economies, is apparent. And the firms' investments in not one but several of these high-growth companies demonstrate their consistent success

Hot IPOs: CyberArk Sets Up In Cup-With-Handle Base (Investor's Business Daily) Several promising new issues have set up in bases and might be poised for a significant advance. One is CyberArk Software (NASDAQ:CYBR), an Israeli maker of security software. The company is in a hot industry group that includes leaders such as Palo Alto Networks (NYSE:PANW) and Qualys (NASDAQ:QLYS). The group ranked No. 9 out of 197 groups in Wednesday's IBD

Courion Announces Strategic Equity Investment and Continued Sales Momentum (Realwire) Courion®, the market leading provider of intelligent identity governance and administration (IGA) solutions, today announced continued market momentum with a strategic equity investment from K1 Investment Management and key customer wins in the first quarter of 2015

Palo Alto Networks: We will be world's top security vendor (CRN) Next-generation firewall pioneer confident it can leapfrog Check Point and Cisco to become world's 'most important' information security player

Dropbox Launches Bounty Program on HackerOne (Threatpost) Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program

Lack of skilled infosec pros creates high-risk environments (Help Net Security) 82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business

Products, Services, and Solutions

Ionic Emerges From Stealth With Data Protection Platform (eWeek) Ionic Security's platform is designed to protect data with encryption that is easy to deploy and maintain. Officially exiting from stealth mode, Ionic Security is now publicly discussing its data protection platform — which has been in various stages of development for nearly four years. Ionic has raised $78.1 million in funding, with its most recent Series C round bringing in $40.1 million in January 2015

Early Warning and BioCatch Align to Help U.S. Financial Services Organizations Fight Fraud and Improve Digital Experience (BusinessWire) Behavioral analytics and threat detection come together with financial industry data sharing consortium

DBN-6300 Immediately Identifies Advanced Persistent Threats (Top Tech News) Machine learning and behavioral analysis enable DBN-6300 to immediately identify Advanced Persistent Threats — DBN-6300 "shines a light" on the database infrastructure to reveal Advanced Persistent Threats that typically operate in stealth mode over a protracted period of time

Comodo Announces Global Availability Of Latest Version Of Internet Security Software (IT Business Net) Comodo Internet Security 8.2 with patent-pending containment technology protects consumers from malware, viruses and zero-day attacks

Akamai Introduces Two New Managed Security Service Offerings to Kona Family of Cloud Security Solutions (PRNewswire) Combination of industry-leading technology and security expertise designed to better deflect modern web attacks

Reason Core Security (PC Advisor) Reason Core Security is a tool for detecting, removing, and generally protecting you from malware, adware and similar unwanted programs

Pwnie Express Unveils Industry's First Internet of Everything Threat Detection System (Marketwired via Digital Journal) Pwnie Express today announced the next evolution of Pwn Pulse, the industry's first SaaS threat detection system designed to assess the Internet of Everything (including shadow IT and high-risk BYOx, vulnerable IoT devices, and purpose-built malicious hardware)

PhishMe Unveils New Security Solution for Enhanced Visibility into Targeted Phishing Attacks (Virtual Strategy Magazine) Leading anti-phishing provider launches new product for security analysts and incident response teams to operationalize internal human intelligence

Resilient Systems arms security teams with automated incident responses (Network World) Action Module makes mitigation steps happen faster and with certainty

Trustonic and Mobeewave Partner to Provide Unprecedented Security Level in Mobile Payment (BusinessWire) Turning off-the-shelf mobile devices into secure contactless mPOS without the use of an add-on

EdgeWave Unveils Military-Grade Breach Identification Service (PRNewswire) EdgeWave EPIC Security Assurance Service enables organizations to identify and immediately respond to cyber attacks

Comparing the top threat intelligence services (TechTarget) Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another

The 7 safest apps to send private and secure messages (Business Insider) The Edward Snowden revelations made it clearer than ever that your online messages are not safe from snooping

Technologies, Techniques, and Standards

PCI Council Publishes Revision to PCI Data Security Standard (PCI Security Standards Council) PCI DSS 3.1 and supporting guidance helps organizations address vulnerabilities within SSL protocol that put payment data at risk; PA-DSS revision to follow

Secrets are the enemy of a good security defense (InfoWorld) When you make a mistake, it's natural to want to keep the details quiet. But failing to recount the exact conditions that permitted a hack to occur only ensures a repeat

When You Can't Stop a Breach, You Should Still Be Able to Spot It (Information Security Buzz) Retailers have had an Annus Horribilis, to quote Queen Elizabeth II. Target, Home Depot, Michael's, Dairy Queen, Sony — the list is endless. What is going wrong?

Inside AZ Labs, a facility 'certified at the highest level' of cybersecurity (Network World) In this unique rental office space, networks are protected with firewalls — and guards, and Faraday cages

Design and Innovation

Why Corporate Cybersecurity Teams Are Going Anonymous (Fast Company) Trustar, a new service, wants the world's top corporations to share hacker attack info with each other. Crazy or genius?

Research and Development

Onapsis Awarded Key Patent for Automated Cyber-Security Assessment of SAP Systems and Business-Critical Applications (WTRF) Enterprises gain assurance of rigorous methods to protect business-critical applications, processes and data from cyber-attacks


Student cyber team captures national title (Redstone Rocket) Grissom High group wins in Washington. It sounds like the plot out of a movie, or a headline on the nightly news

Legislation, Policy, and Regulation

Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says (New York Times) In February, a year after the Las Vegas Sands was hit by a devastating cyberattack that ruined many of the computers running its casino and hotel operations, the director of national intelligence, James R. Clapper Jr., publicly told Congress what seemed obvious: Iranian hackers were behind the attack

Australia Government "way out of touch": delegates to Hague cyber privacy conference (IT Wire) Delegates to a global Internet governance and digital privacy conference have questioned the Australian Government's legislation on cybersecurity, which they consider as extreme, flawed, and sacrificing human rights, according to a delegate, who is a member of the Internet Society of Australia

Why you have the right to obscurity (Christian Science Monitor Passcode) Federal Trade Commissioner Julie Brill says that obscurity means that personal information isn't readily available to just anyone. In our age of aggressive data collection, she says safeguarding obscurity should be a key component of consumer protections

NSA and FBI fight to retain spy powers as surveillance law nears expiration (Guardian) Debate reignites on Capitol Hill with Patriot Act section set to expire. Agency representatives secretly meet with members of Congress

Businesses argue against data breach bill change (The Hill) A coalition of business groups is urging House lawmakers not to drop an amendment to their data security bill that would require third-party vendors to inform affected consumers when they experience a breach

Pentagon to release cyber strategy next week (FCW) In his two months on the job, Defense Secretary Ashton Carter has made building out the Pentagon's capabilities in cyberspace a priority. That work will cross a threshold next week when the Pentagon releases a multi-year cyber strategy

Marine Corps building its first-ever cyber doctrine (Federal News Radio) The Marine Corps is drafting its first cyberspace doctrine, designed to help commanders build cyber operations into their battle plans, better defend their own networks and help integrate cyber with the more mature field of electronic warfare

Litigation, Investigation, and Law Enforcement

Interpol announces successful takedown of "Simda" botnet (Naked Security) Interpol just announced another co-ordinated botnet takedown, hot on the heels of Europol's action against the BeeBone malware

Google Disputes EU Antitrust Charges (InformationWeek) Google insisted that its conduct has been lawful and beneficial to the market

Health Plan Lawsuits and Data Breach Claims: Recent Developments and Implications (JDSupra) Five class action lawsuits have been filed against Premera Blue Cross in federal court in Seattle, Washington following the recent report of a data breach that affected approximately 11 million individuals. The lawsuits make similar allegations that Premera failed to protect sensitive information from attack. One lawsuit alleged a violation of the Health Insurance Portability Accountability Act ("HIPAA")

Netizen Report: Will Tech Companies Cave to the Kremlin's Data Demands? (Slate) Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week's report begins in Russia, where state media outlet RBC reported last week that U.S. companies including eBay and Google had begun storing Russian user data on servers located in Russian territory

Attorney claims cops planted spying malware on drive containing evidence (Help Net Security) Police force using malware in investigation is not an unheard-of situation but, according to an affidavit filed in a whistle-blower case against the Fort Smith Police Department (Arkansas), the department tried to use backdoors and keyloggers to spy on a lawyer that represents three police officers that work or worked for the department

Toxin-buying teen finds police waiting for him on the dark web (Naked Security) Many people use the internet to shop online and take advantage of low pricing, a huge amount of choice and greater convenience

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

International Symposium on Forensic Science Error Management (Washington, DC, USA, July 20 - 24, 2015) The symposium will give forensic science practitioners and researchers from around the world the opportunity to discuss best practices for identifying and reducing errors in forensic science laboratories.

SIN ACM (the International Conference on Security of Information and Networks) (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks will feature contributions from all types of specialists in the cyber security field, from papers and special sessions to workshops...

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Upcoming Events

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of...

INFILTRATE Security Conference (Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes...

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives...

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise.
