skip navigation

More signal. Less noise.

Daily briefing.

Some notes on information operations lead today's news. ISIS posts a video aligning itself with Boko Haram: the two groups cooperate in pursuing mindshare among the unreflectively murderous disaffected. ISIS sympathizers continue their odd-seeming vandalism against minor US Midwestern targets — now an arts group in Topeka, Kansas. (Low-hanging fruit plucked by poor grammarians.)

Lookingglass reveals a pervasive and sophisticated cyber operation conducted by Russian services. "Operation Armageddon," an espionage campaign directed against Ukrainian military and government targets. Lookingglass says the campaign has been active at least since mid-2013.

More accounts of alleged Russian hacking of the US White House and State Department trickle out. Fortune suggests the Russian services gained access to US networks via a viral video of a droll monkey.

WordPress is patching a zero-day that affects even the version it released last week.

Researchers report finding an Android zero-day that exposes devices to drive-by downloads.

Sendgrid ("transactional email delivery services") suffers a breach and advises users to reset passwords.

Enterprises with extensive (or permissive) BYOD policies are warned against zombie apps — unsupported, dead apps lingering on employees' devices.

In industry news, GBGroup buys fast-growing location intelligence shop Loqate.

The newly confirmed US Attorney General promises a close focus on cyber issues. The FBI announces plans to address its cyber labor needs through outsourcing: an RFP is expected.

NSA Director emeritus Alexander praises Israeli and Iranian cyber capabilities (withholding, of course, approval thereof).

A US court rules, in Genesco v. Visa, that attorney-client privilege covers cyber forensic results.


Today's issue includes events affecting China, Germany, India, Iran, Israel, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, United States.

Tomorrow's CyberWire will feature coverage of a symposium on cyber insurance to be held this evening in Northern Virginia by Sahouri.

Cyber Attacks, Threats, and Vulnerabilities

Analysis: Islamic State strengthens ties with Boko Haram (BBC) The Islamic State (IS) has released a new video, eulogising Nigeria's Boko Haram, in the latest sign of closer ties between the two militant groups

Arts Website Recovers From Cyber Attack (KSAL) The website of a Topeka arts districts has been restored after it was hacked

Report: To Aid Combat, Russia Wages Cyberwar Against Ukraine (NPR) The rules of War 2.0 (or 3.0) are murky. Experts and pundits say that cyberwarfare is happening. And it makes sense. But it's been very hard to prove

Lookingglass Cyber Threat Intelligence Group Links Russia to Cyber Espionage Campaign Targeting Ukrainian Government and Military Officials (Lookingglass) Report findings provide fully documented cases and timeline showing cyber warfare and espionage being used in coordination with Russian military activities

Did monkey videos help Russian hackers access President Obama's email? (Fortune) Silly viral videos may have helped cyber intruders get hold of more than just the president's private itinerary, reports say

How Google saw the DDoS attack against Github and GreatFire (Help Net Security) The recent DDoS attacks aimed at GreatFire, a website that exposes China's internet censorship efforts and helps users get access to their mirror-sites, and GitHub, the world's largest code hosting service, have been linked to the Great Cannon, an attack tool co-located with the Great Firewall of China

WordPress vulnerable to yet another, still to be patched XSS flaw (Help Net Security) The latest WordPress version (4.2, released on Thursday) and several earlier ones are vulnerable to a stored cross-site scripting (XSS) vulnerability that can be exploited to inject JavaScript in WordPress comments

Details on WordPress Zero Day Disclosed (Threatpost) WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver

Android zero-day opens phones up to drive-by-downloads (SC Magazine) A new zero-day flaw affecting all versions of Google's Android operating system could be exploited by hackers looking to steal data or take control of the mobile device

Inside the Zeroaccess Trojan (Dark Matters) The Zeroaccess trojan (Maxx++, Sierief, Crimeware) has affected millions of computers worldwide, and it is the number one cause of cyber click fraud and Bitcoin mining on the Internet

Account Breach Leads Sendgrid to Reset All Customer Passwords (Tripwire: the State of Security) Sendgrid, a company that specializes in transactional email delivery services, is asking all its customers to reset their passwords following an account breach

Zombie apps haunt BYOD workplaces (CSO) Around 3 million apps on employee smartphones are actually dead, removed from their respective app stores and no longer supported

TRAI leaked Over Million Email Addresses; Anonymous India takes Revenge (Hacker News) The official website of the Telecom Regulatory Authority of India (TRAI) has been allegedly hacked just hours after the site exposed more than 1 Million email addresses of users who spoke in support of Net Neutrality.

Hackers hijack Tesla's website, Twitter account and email — but how? (Hot for Security) Tesla Motors is famous for its high performance, gadget-filled, electric cars — but that doesn't necessarily mean that it's a master of all technology

School falls victim to 'malicious' cyber attack (Derby Telegraph) A school believes a pupil may be responsible for a "malicious cyber attack" of its internal computer system

This Hacker has Implanted a Chip in his Body to Exploit your Android Phone (Tripwire: the State of Security) Plenty of people these days are prepared to augment their bodies with face furniture, piercings, rings and tattoos. But would you implant a chip in your hand to show how easy it is to exploit an Android phone?

Why this guy is teaching people how to write malware for Macs (Business Insider) Patrick Wardles says he "drinks the Apple juice." At the same time, the director of research at Synack recently gave a presentation at the elite Infiltrate hacking conference in Miami detailing "exactly how to practically create elegant, bad@ss OS X malware"

Google blushes over Google Maps showing Android icon urinating on Apple icon (Naked Security) As of Monday, all was well in Pakistan's Ayub National Park, at least as far as Google Maps was concerned, which was showing it as a verdant green swath of pixels

Security Patches, Mitigations, and Software Updates

WordPress 4.2.1 Security Release (WordPress) WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately

WordPress promises patch for zero-day "within hours" (CSO) WordPress statement hints at no prior notice on disclosure, contrary to researcher claims

Cyber Trends

How the Internet of Things is reshaping the future of security (CSO) The emerging model of the Internet of Things (IoT) is rapidly changing the way organisations think about IT security — but IoT's unique characteristics are also likely to send ripples through conventional security architectures by forcing a fundamental rethink about how corporate data is managed and protected

Successful POS attacks are the result of poor security, researchers find (Help Net Security) Most data breaches involving payment card information — and there have been too many in the last two years — can be traced back to a lack of implementation of security measures

Cyber security chiefs urging companies to protect against basic cyber attacks (Treasury Insider) The cyber security industry experts attending the RSA conference in San Francisco this week have been urging companies to protect against basic cyber-attacks on their company, rather than attempting to prevent threats from nation-state backed hackers

Cyber Scammers 'Phishing' More for Corporates — ProofPoint (Spamfighter News) Cybercriminals are progressively targeting business houses in their attacks than mere consumers, said security firm ProofPoint in a study recently

Only one-quarter of federal agency IT officials polled say their network data is protected in transit (FierceGovernmentIT) About 26 percent of federal agency IT decision makers polled believe the data transmitted across their networks are fully protected, according to one major finding in a new industry-sponsored survey released last week

Big data can help counter cyber attacks, says report (Out-Law) Businesses that have improved their cyber security defences in the past two years have been more likely to turn to new security technologies than companies whose security performance has remained "static", a report by Accenture has found


Anti-virus product caught cheating by independent testing agency (Graham Cluley) AV-Comparatives, one of the world's leading independent testers of anti-virus products, says that it has uncovered that at least one product isn't playing by the rules

FireEye Is Worth A Second Look (Seeking Alpha) FireEye fell out favor with investors in 2014 due to repeatedly lowballing its revenue guidance and its expanding losses. The company has, however, managed to maintain strong top line growth. The market appears to appreciate this fact and has bid up the company's shares this year. FireEye is making the right moves to maintain strong growth and is therefore a good investment

Fortinet: A Premier Cybersecurity Firm (Seeking Alpha) Fortinet had an amazing first quarter, beating on several key metrics such as revenue and operating margins. Fortinet's accelerating growth in large deals is perhaps one of the most promising aspects of the company's business. Fortinet's highly integrated model should increase the company's brand value, as such an integrated platform saves on time and improves overall security. Despite Fortinet's dominant market position, the increasing pace of cybersecurity obsolescence is a very real threat to the company

One of Silicon Valley's fastest-growing companies was just acquired (Silicon Valley Business Journal) Loqate, which provides location-based intelligence and data, has been acquired by GBGroup, an identity intelligence firm from the United Kingdom

Raytheon forming cyber-security JV; launches new products (UPI) A new cyber-security company is being formed as a joint venture of Raytheon and Websense, with an investment by Raytheon of more than $1 billion

Accuvant-FishNet CMO Dishes On Hiring Spree, Global Expansion And The Future Of Optiv Security (CRN) The merger of Accuvant and FishNet Security — and the upcoming name change to Optiv Security — are just the first of many changes planned for the $1.5 billion security solution provider

G DATA verstärkt Engagement auf US-Markt (Pressebox) Andrew Hayter als Security Evangelist neuer Ansprechpartner für Medien, Security-Community und Kunden

FBI Readies Multimillion Contract for Cyber Expertise (Nextgov) Finding the right workforce talent is never easy, but it's a particularly challenging feat for the Federal Bureau of Investigation, which frequently requires subject matter experts with high clearances and diverse skill sets

The Chinese Hackers Who Are Actually Not Trying to Hack You (Motherboard) Last month, Lu Juhui and Jun Mao opened their laptops in a nondescript conference room in Vancouver, and a 30-minute countdown timer was started. A few keyboard taps and one minute later the pair had hacked Adobe Reader, the PDF viewing software, and earned $22,500 apiece. They sat wondering what to do for the next 29 minutes

Foreground Security Names Jeffrey B. Mauro Director of Operations (Nasdaq) Foreground Security, a cutting-edge cyber security consulting firm that offers an advanced set of cyber hunting and analytics capabilities, today announced it has named Jeffrey B. Mauro as its Director of Operations

Products, Services, and Solutions

Cylance Wins Excellence Award for Best Emerging Technology at 2015 SC Awards (Marketwired via Digital Journal) Cylance, the first cybersecurity company to provide next-generation antivirus protection that stops malware from executing by analyzing the DNA of files for known and unknown threats, won Best Emerging Technology at the 2015 SC Awards

Hadoop 'faces a make-or-break year,' say analysts (FierceBigData) Executives at Paxata, a maker of self-service data preparation products, say several trends are affecting how organizations are now performing data preparation and choosing big data projects. If the trends they see are correct, the year ahead is going to get interesting fast. One example: they think Hadoop is "facing a make-or-break year"

Fee-fi-fo-fum, do I want Google to sniff my network traffic, all of it? (Naked Security) Google is getting a lot of publicity for a business venture called Project Fi

US hospitals to treat medical device malware with AC power probes (Register) 'WattsUpDoc' is a stethoscope that detects viruses in sealed-box medicomputers

Technologies, Techniques, and Standards

6 Ways to Protect U.S. Grid from Cyber Attacks (Wall Street Journal) The electrical grid remains alarmingly vulnerable to a variety of cyber threats

New Utility Decrypts Data Lost to TeslaCrypt Ransomware (Threatpost) Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department have gone as far as to pay hundreds of dollars in ransom for the recovery key

Cloud Security Certification Launched (GovInfoSecurity) Designed to measure advanced competence

Legal Issues with Cloud Forensics (Forensic Magazine) Unfortunately, many companies have entered the cloud without first checking the weather. Cloud services have skyrocketed primarily because they're cheaper and more convenient than the alternative. What happens if the cloud gets stormy, you suffer a breach, and you find yourself in the position of having to conduct digital forensics?

Data Sanitization: Part 1 (Forensic Magazine) Consider the following scenario which likely happens to tens of thousands of individuals each day

Cybersecurity Issues — Is Continuous Monitoring Enough? (Tripwire: the State of Security) Continuous monitoring is poised to do for information security what cloud deployment did for global productivity

How responsible are employees for data breaches and how do you stop them? (CSO) Data breaches have very quickly climbed the information security agenda and that includes the data breach threat posed by employees and IT professionals

Is your enterprise breach-proof? (Financial Express) Do you think your work related data is safe and beyond the reach of hackers? Do the news headlines on frequent breaches, hacks and heists worry you?

Interop: Understand Your Attackers For Better Network Defense (Dark Reading) Knowing who will target you is key in network security prioritization

Browser anonymity and security (stacksmash3r) I decided to write a little tutorial centered around my browser setup. I use two different profiles, a general one that isn't as hardcore as my security one that I use when I am investigating exploit kits and malware control panels

Design and Innovation

Opinion: If predictive algorithms craft the best e-mails, we're all in big trouble (Christian Science Monitor Passcode) The new Crystal app creates profiles 'for every person with an online presence' so its users can craft the ideal e-mail for every recipient. That's not only troubling for privacy, but also threatens to strip individuality out of our digital dialogue

Research and Development

NIST seeks CDM trial (FCW) What: A National Institute of Standards and Technology "sources sought" notice seeks information on vendors that can help the agency test a proven risk-scoring methodology that would lead to a long-term, real-time continuous monitoring program


Champlain College Awarded for Best Cybersecurity Higher Education Program (Forensic Magazine) Champlain College has been recognized for the second time as winner of the Professional Award for Best Cybersecurity Higher Education Program at the 2015 SC Awards. The award was presented during the 2015 SC Awards Gala held in San Francisco

Legislation, Policy, and Regulation

Former NSA Chief: Israel, Iran Among World's Best in Cyber-Warfare (Agemeiner) Archenemies Israel and Iran have some of the best cyber-warfare capabilities in the world, former National Security Agency chief General Keith Alexander said

Exclusive: Navy's cyber warriors in technological arms race with Israel's foes (Jerusalem Post) "From our perspective, the threat is always lurking on our perimeters — these are 'borders' made up of cables," says a senior navy source

How China Uses its Cyber Power for Internal Security (Diplomat) This is the first in a series of 5 articles discussing IT as a means to solidify Communist Party rule in the country

US ensnared in China's digital crackdown (The Hill) Chinese President Xi Jinping is spearheading a crackdown on the flow of digital information in a campaign that could reshape the cybersecurity relationship between China and the U.S

Top U.S. officials test new concept of cyberdefense (EnergyWire) The U.S. military is changing its approach to cyberspace in ways that could reverberate across the control networks all Americans rely on to deliver water, electricity and other critical services

Preparing for Warfare in Cyberspace (New York Times) The Pentagon's new 33-page cybersecurity strategy is an important evolution in how America proposes to address a top national security threat. It is intended to warn adversaries — especially China, Russia, Iran and North Korea — that the United States is prepared to retaliate, if necessary, against cyberattacks and is developing the weapons to do so

Editorial: Carter Charts New Cyber Path (DefenseNews) US Defense Secretary Ash Carter's new cyber strategy and push to harness the power of Silicon Valley are key and welcome steps to improving the cyber security of the United States and its allies

A Cybersecurity Turf War at Home and Abroad (Roll Call) The House passed not one, but two, bills last week to provide immunity from consumer lawsuits to companies that share with each other, and with the government, information about cyber-threats and attacks on their networks

Lynch vows cyber focus at DOJ (The Hill) Cybersecurity got prominent mention during Attorney General Loretta Lynch's swearing-in ceremony on Monday

Litigation, Investigation, and Law Enforcement

DOJ close to issuing sanctions over hacking (The Hill) Hackers could be facing new sanctions from the U.S. government in at attempt to prevent cyber crime

Court Says Cyber Forensics Covered by Legal Privilege (JDSupra) The Middle District of Tennessee recently issued a key decision in the ongoing Genesco, Inc. v. Visa U.S.A., Inc. data breach litigation. The court denied discovery requests by Visa for analyses, reports, and communications made by two cybersecurity firms Genesco retained after it suffered a data breach on grounds that those materials were protected by the attorney-client privileged and work product doctrine. The decision is crucially important for two reasons

Companies target each other in data breach disputes (Business Insurance) Get a handle on cyber risks pre-emptively when making deals with business partners to help mitigate commercial liability disputes, says data security attorney Mitzi L. Hill of Taylor English Duma L.L.P

DHS audits find sensitive material left unsecured in work areas, passwords revealed (FierceHomelandSecurity) A third-party audit of several agencies and offices within the Homeland Security Department found that some personnel improperly divulged passwords or left sensitive documents unattended in their workspaces in violation of certain policies

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence...

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

INFWARCON (Nashville, Tennessee, USA, April 28 - 30, 2015) INFWARCON takes a look at how the balance has flipped in the past 20 years in the cyber security industry. Back then, governments had the upper hand, and could not imagine that cyber criminals could ever...

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital...

Southern Africa Banking and ICT Summit (Lusaka, Zambia, April 30, 2015) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

WAHCKon Perth 2015 (Perth, Western Australia, Australia, May 2 - 3, 2015) WAHCKon is a Perth based hacker conference that launched in 2013. We cover a wide range of topics focusing on Information security and Hacker subculture as well as locksports, activism and related areas...

Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security...

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.