
Daily briefing.

Researchers describe why they think China's behind the attack on Australia's BoM, and why Chinese criminals appear to be targeting journalists.

More on the drive-by ransomware infections Heimdal reported early this week — Ars Technica notes that the campaign first installs "Pony," then a "cocktail" of malware that harvests credentials before encrypting files.

"Chimera" is another entry into the ransomware field. Observers see it as a disturbing bellwether of the growing market for ransomware-as-a-service.

Ransomware's not the only badness on offer in the black market. InfoArmor reports finding some new point-of-sale malware, "Pro POS," actively being hawked to criminals.

We've seen Conficker return. Fox-IT reports the reemergence of another old standby, the Ponmocup botnet.

Trend Micro warns that many high-profile mobile apps remain susceptible to vulnerabilities actually fixed as far back as 2012.

Researchers associated with SCADA Strange Love find vulnerabilities in widely used 3G and 4G cellular USB modems and routers.

In some good news, another old-timer is sinkholed. CERT-Polska, with big assists from ESET and Microsoft, takes down the Dorkbot botnet. (US and Canadian law enforcement also provided support.)

Toymaker Vtech hires Mandiant to sort out its security issues. Mattel deals with its own problem: Bluebox Security describes IoT security tangles in "Hello Barbie."

OpenSSL and Blackberry issue patches.

ZeroFOX attracts venture capital.

CyberPoint earns a patent for "Similarity Search and Malware Prioritization."

The insurance sector prepares for a bigger role in setting cyber standards of care.

Investigation of the San Bernardino shootings suggests online jihadist inspiration of the shooters.


Today's issue includes events affecting Australia, Belgium, Canada, China, Iraq, Poland, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

How we trace the hackers behind a cyber attack (Conversation) The fingerprints might indicate China, but that's not so easy to prove. The Chinese military has been imputed for the recent cyber attack on the Australian Bureau of Meteorology (BOM)

Chinese cybercriminals found targeting journalists in Asia (CSO) IT security company FireEye has released results of research into a recent campaign carried out by a Chinese cyber threat group the company referred to as "admin@338" targeting Hong Kong-based media organizations

New ransomware campaign pilfers passwords before encrypting gigabytes of data (Ars Technica) Surreptitious attacks often prey on people visiting legitimate sites

Come to the dark side. Chimera ransomware asks victims to become affiliates (Graham Cluley) Researchers have observed that the Chimera ransomware offers victims the option of joining its affiliate program upon infection

Ponmocup Botnet Still Actively Used for Financial Gain (SecurityWeek) Fox-IT, the security firm recently acquired by NCC Group for $142 million, has published a report on Ponmocup, a sophisticated botnet that has been used over the past years by cybercriminals for financial gain

3G/4G cellular USB modems are full of critical security flaws, many 0-days (Help Net Security) An analysis of popular 3G and 4G cellular USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them

High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability (TrendLabs Security Intelligence Blog) A total of 6.1 million devices — smart phones, routers, smart TVs — are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012

New 'Pro' Point-of-Sale Malware Found For Sale in Underground Forums (Tripwire: the State of Security) Cybercriminals are leveraging a powerful new strain of point-of-sale malware to target the payment systems of retailers this holiday season

Elasticsearch servers actively targeted by botmasters (Help Net Security) Elasticsearch is one of the most popular choices when it comes to enterprise search engines

Netflix login credentials for sale on the Dark Web (TechHive via CSO) Cord criminals join the ranks of cord cutters, cord cheaters, and cord nevers, selling stolen logins for major media-streaming services

Hello Barbie Fails Another Security Test (Security Ledger) In-brief: The security firm Bluebox says the mobile applications used with Hello Barbie contain security flaws that could lead to the theft of passwords and other information

Hello Barbie App, Hello Security Issues (Bluebox) Security risks discovered with Mattel's Hello Barbie demonstrate Internet of Things security concerns

Your child's privacy is eroding (CSO) Social media, cloud-based educational tools, and Internet-connected toys are eating away at your child's privacy

Digital toymaker VTech hires FireEye to secure systems after hack (Reuters) Hong Kong-based digital toy and gadget maker VTech Holdings Ltd (0303.HK) said FireEye Inc's (FEYE.O) Mandiant forensics unit was helping the company secure its systems after a hacking attack exposed data on 6.4 million children

Security Sense: Hacked Companies Should Provide Victims Their Data (Windows IT Pro) And so it continues, this time with VTech not only allowing nearly 5 million of their customer records to walk out the digital door, but also the details of over 6 million kids

DDoS attacks are more than disruptions to service (CSO) While security teams are distracted by DDoS attacks, hackers are infiltrating networks with malware

Report: Scripting languages most vulnerable, mobile apps need better crypto (CSO) According to an analysis of over 200,000 applications, PHP is the language with the most vulnerabilities, and mobile apps suffer from cryptography problems

UK pubs group JD Wetherspoon hit by cyber attack (Reuters) British pub chain JD Wetherspoon has been hit by a cyber attack which leaked the names, email addresses and birthdates of 650,000 customers as well as some of the credit and debit card details for 100 buyers of its gift vouchers, it said on Friday

Naval Research Lab hit by zero-day exploit (FCW) The Naval Research Laboratory was recently hit by an attack exploiting a previously unknown software vulnerability, said Commanding Officer Capt. Mark Bruington

Could hackers break my heart via my pacemaker? (BBC) "I just found myself lying on the floor. I didn't know what happened," Marie Moe said

7 cyber threats worse than PHI breaches (Healthcare IT News) 'Healthcare IT security: you have a bad reputation. When it gets down to healthcare there's always a little chuckle about how bad they are'

Raytheon: More domains, more problems (FedScoop) The further we move from .com, the more room we give hackers to target unsuspecting victims, authors of a new report say

Don't Take the Bait; Avoid Phishing and Malware to Protect Your Personal Data (IRS) "Update your account now." "You just won a cruise!" "The IRS has a refund waiting for you"

Security Patches, Mitigations, and Software Updates

OpenSSL Security Advisory (OpenSSL (h/t US-CERT)) We anticipate that 1.0.0t and 0.9.8zh will be the last releases for the 0.9.8 and 1.0.0 versions and that no more security fixes will be provided (as per previous announcements). Users are advised to upgrade to later versions

BlackBerry releases security patches for the PRIV Android phone (Graham Cluley) Back in September I upset some BlackBerry fanboys by taking the mickey out of John Chen, CEO of the beleaguered smartphone company, and his cringeworthy demo of the firm's first Android-powered device — the BlackBerry PRIV

WebEx Android App Users Told to Update ASAP, Due to Risk of Attack (Tripwire: the State of Security) There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software

Cyber Trends

Cybercriminals will remain victorious in 2016, relief expected in 2018 (Help Net Security) From Ashley Madison to the United States Office of Personnel Management — and many, many others in between — what we now know is targets for cyber criminals and nation-state hacktivists have only broadened in 2015

Why is hacking so easy and security so hard? (Australian Broadcasting Corporation) It's been called a "cyber Wild West"

Survey: Cloud Privacy a Big Concern For Legal Departments (Legaltech News) 'Generally, lawyers are the most conservative professionals when it comes to adoption of new technologies'


Insurance companies will crack down on cyber security in 2016: Report (CSO) Cyber security insurance has had to rapidly evolve to cater to the growing complexity and unpredictability of cyber-attacks

Symantec outperforms following CEO's talk; capital returns mentioned (Seeking Alpha) Symantec (SYMC +0.3%) managed to close slightly higher on a day the Nasdaq fell 1.7% after CEO Michael Brown presented at a Credit Suisse conference

Verint adjusts strategy as shares tumble on revenue shortfall (Reuters) Shares in Israeli-American analytics firm Verint Systems Inc tumbled 13 percent on Thursday after the company posted third-quarter earnings that fell short of expectations, blaming delays in customer orders and a downturn in emerging markets

ZeroFOX is latest Md. cyber firm to attract investors, raising $27M (Baltimore Sun) Investors pumped $27 million into Baltimore cybersecurity company ZeroFOX to accelerate sales of its software that detects hackers who attack via social media

ZeroFOX Secures $27M Round Led by Highland Capital (ZeroFOX) Corey Mulloy, general partner at Highland Capital, joins ZeroFOX board as they tackle the cyber risks associated with social media

Avecto pockets $49M from JMI Equity to invest in Defendpoint security product (FierceITSecurity) Endpoint security software vendor Avecto pocketed $49 million from JMI Equity Wednesday to invest in marketing its Defendpoint security software and its research and development program

Engility Wins Prime Position on Potential $5 Billion Cyber Security and Information Systems IDIQ (BusinessWire) Award will deepen Engility's reach into DOD cyber security market

ManTech Awarded $407M Air Force Security Services Contract; Bill Varner Comments (GovConWire) ManTech International (Nasdaq: MANT) has received $407 million contract to provide security services for U.S. Air Force programs

Cylance Global CISO Malcolm Harkins Receives 2015 Security Advisor Alliance Excellence in Innovation Award (MarketWired) Cylance executive nominated and selected by Fortune 1000 Chief Information Security Officers for Outstanding Industry Leadership

RedOwl Appoints Paul Oshan as Vice President of Sales and Peter Heim as Vice President of EMEA (BusinessWire) Cyber security startup RedOwl has hired two senior security technology veterans: Paul Oshan to lead global sales and Peter Heim to drive expansion in Europe, the Middle East and Africa

Check Point Names Julie Parrish as Chief Marketing Officer (CNN Money) New executive appointment highlights company's commitment to helping businesses stay ahead of evolving security threats

Products, Services, and Solutions

Covata Launches New Look and Multi-Tenancy for Safe Share (BusinessWire) New Features Optimized to Give Telco Partners Secure, Easy-to-Use File Sharing and Storage Solution for Enterprises and Public Sector Organizations

BLACKOPS Partners Corporation Releases SPECTRE® (PRWeb) BLACKOPS Partners Corporation releases SPECTRE®, the breakthrough transformational system for organizations to win against information and industrial warfare in direct response to today's hyper-threat marketplace

Vanguard Integrity Professionals announces the launch of Version 2 Release 2 Security and Compliance Software for IBM's z/OS Security Server (PRNewswire) Increased Security for the Enterprise and Cloud environments with over 100 new features and enhancements, significantly increasing system performance

CyberFlow Analytics Announces New FlowScape CyberHooks Integration Layer (Benzinga) CyberFlow launches new FlowScape CyberHooks integration layer to enable Network Behavioral Analytics as a 15-minute add-on to any SIEM or external system

Cobham Launches TeraVM Cybersecurity Threat Analysis System (Light Reading) Cobham Wireless, a global leader in the provision of advanced wireless coverage and mobile communication systems, has announced the launch of the TeraVM cybersecurity threat analysis solution

Blue Coat & Dimension Data go on global cloud security offensive (Computer Business Review) Partnership aims to deliver real-time threat protection

Technologies, Techniques, and Standards

Podcast: Microsoft's Angela McKay on building global cybersecurity norms (Christian Science Monitor Passcode) Angela McKay, who runs Microsoft's public policy work on cybersecurity, and Elana Broitman from Greenberg Traurig's Government Law & Policy Practice, join the latest edition of The Cybersecurity Podcast

Leading Health Plan Organizations Learn to Mitigate Breach Exposure by Participating in Industry-Wide Cyberattack Simulation Exercise (BusinessWire) HITRUST CyberRX 2.0 reveals top five actions to improve cyber incident readiness

Can you keep Linux-based ransomware from attacking your servers? (CSO) According to SophosLabs, Linux/Ransm-C ransomware is one example of the new Linux-based ransomware attacks, which in this case is built into a small command line program and designed to help crooks extort money through Linux servers

Deploying Honeypots and Ethical Hacking in a Cloud Environment (Virtual Strategy Magazine) Cloud computing brings so many benefits to businesses that it's basically impossible to resist migrating to it

Top 10 Cybersecurity Tips for Businesses Following FTC v. Wyndham (Legaltech News) The FTC's required standard of care for cybersecurity is likely to evolve as new guidelines are issued and new cases are decided

Top 10 cybersecurity must-dos (Telegraph) The biggest threats we face in business today are digital attacks. The head of client propositions at BSI walks us through the cybersecurity checklist

How can security leaders create a positive work environment? (TechTarget) It's the responsibility of security leaders to create a positive work environment for security teams, which can be tough to do in such a demanding field. Here's how

Advent tip #4: Unsolicited tech support call? Just hang up! (Naked Security) Many of us have had unsolicited technical support calls, sometimes several of them

Design and Innovation

The Moral Dimension of Cryptography (Schneier on Security) Phil Rogaway has written an excellent paper titled "The Moral Character of Cryptography Work." In it, he exhorts cryptographers to consider the morality of their research, and to build systems that enhance privacy rather than diminish it

Research and Development

Patent Issued for Similarity Search and Malware Prioritization (USPTO 9197665) News editors obtained the following quote from the background information supplied by the inventors: "Malware, or malicious software, may refer to software that is used to disrupt computer systems and networks. Malware may be analyzed to study and detect threats of malware. However, existing malware analysis services suffer from several deficiencies. For instance, malware analysis services may not be able to keep pace with the rapidly evolving nature of malicious software. Therefore a faster and more efficient method is needed to process files to detect malware. In addition, because numerous malware are generated on a daily basis, a method to prioritize malware samples for analysis is also needed"


U Maryland Wins $2.76 Million for Data Security Training (Campus Technology) The University of Maryland has received a new vote of confidence for its approach to data security training from the company that helped the institution begin the program in the first place

Lastline Sponsors International Capture the Flag IT Security Exercise and "White Hat Hacker" Competition on Friday December 4, 2015 (BusinessWire) World's longest-running educational hacking competition at UC Santa Barbara to test and expand participants' security skills for fun and cash prizes; new twist features "Crowdsourced Evil"

Academics hold key in the war on cybercrime, Emirati expert says (The National) An Emirati cyber security researcher is calling on academic institutions to play a greater role in researching potential threats to the UAE

Cybersecurity program growth, 'cyber village' could be future of Augusta University (Augusta Chronicle) Cybersecurity and even a "cyber village" involving Sibley Mill could be potential future strengths for Augusta University, President Brooks Keel said

Legislation, Policy, and Regulation

Final cyber bill language could be ready around the new year (The Hill) Lawmakers seeking to reach a compromise between the House and Senate on a major cybersecurity bill are edging closer to a deal — but may not be able to complete it until next year, according to several people with knowledge of the negotiations

New legislation aims at stalling NSA reform (CSO) The new bill would let the NSA hold on to bulk phone data already collected

Encryption backdoors will make us all more vulnerable (Network World via CSO) In the aftermath of the Paris attacks, one of the memes being perpetuated by "security professionals" is that the terrorists used encrypted communications, enabling them to plan and coordinate their activities without raising suspicion among the intelligence community

DHS Expanding Enhanced Cybersecurity Services Program (Homeland Security Today) The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) — a voluntary program that shares indicators of malicious cyber activity between DHS and participating Commercial Service Providers (CSPs) and Operational Implementers (OIs) — has concluded a Privacy Impact Assessment (PIA) Update to reflect ECS' support by Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the expansion of service beyond Critical Infrastructure sectors to all US-based public and private entities, and to introduce the new Netflow Analysis service

Air Force reorganizing to integrate cyber (C4ISR & Networks) The Air Force is making some big changes to its internal mission and personnel structures in order to better protect assets and interests from cyber threats, according to top Air Force officials

Litigation, Investigation, and Law Enforcement

GCHQ admits to hacking in court, says hacking helps stop terror attacks (SC Magazine) GCHQ has admitted for the first time that it has hacked computers, smartphones, and networks in the UK and abroad using CNE

Persistent Hacking — Is GCHQ going too far? (Check & Secure) The NSA-Snowden scandal in 2013 really blew the world of cyber espionage apart, with people first starting to throw doubt onto the role of their government and ponder just what was right and what was wrong in the world of online surveillance. Meanwhile, slightly less conspicuously, a more British variant of cyber spying was gathering speed. Four letters: GCHQ

Officials: San Bernardino shooter apparently radicalized, in touch with terror subjects (CNN) …Yet Farook himself had communicated by phone and via social media with more than one person being investigated for terrorism, law enforcement officials said

F.B.I. Treats San Bernardino Attack as Possible Terrorism Case (New York Times) The couple who the police say killed 14 people and left 21 wounded here had stockpiled thousands of rounds of ammunition and a dozen homemade pipe bombs in their home, officials said Thursday, a sign that they might have been planning further attacks

Islamic State's US Recruits So Diverse They 'Defy Analysis' (Voice of America) Their average age is 26. Eighty-six percent are male. Most use Twitter and other social media to find and spread propaganda

ISIS in America: From Retweets to Raqqa (The George Washington University Program on Extremism) While not as large as in many other Western countries, ISIS-related mobilization in the United States has been unprecedented

Microsoft and ESET Disrupt Dorkbot Botnet, Authorities Sinkhole Its C&C Servers (Softpedia) Dorkbot, a malware family that operates on a botnet structure, has been sinkholed by Polish law enforcement officials working together with Microsoft and ESET

Alert (TA15-337A) Dorkbot (US-CERT) Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims' computers

Facebook ordered to stop tracking non-users (Naked Security) Facebook is now blocking Belgians if they haven't signed in

Annual assessment reveals cybersecurity, IT program management issues at IRS (FierceGovernmentIT) An annual assessment of the Internal Revenue Service's information technology environment highlights cybersecurity weaknesses and several IT programs in need of better management

Dem pressures airlines for cyber defense details (The Hill) Sen. Ed Markey (D-Mass.) wants to know more about how airlines and airplane makers are defending themselves from hackers that have increasingly targeted the aviation industry

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

Upcoming Events

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...

Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, December 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative...

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...
