Daily briefing.

Daesh/ISIS issues new instructions to its followers over Telegram, warning of a tougher fight to come and offering nervous advice (sounding almost like a chamber of commerce during October) about how to stay safe online. Daesh online activity is expected to continue to focus on information operations. Spanish police arrest two Daesh recruiters, and US prosecutors proceed against an Ohio man tweeting jihadist death threats.

Citizen Lab reports on "Packrat," a cyber threat actor Citizen Lab says has targeted South American journalists for several years. As its name suggests, the actor makes much use of RATs (remote-access Trojans). Observers speculate that Packrat is state-sponsored.

Trend Micro warns that the Independent's blog has been compromised to serve visitors TeslaCrypt ransomware.

The criminal black market continues to grow and mature.

Yesterday was Patch Tuesday, with security updates from Adobe (for Flash Player), Apple (for iOS, tvOS, OS X, watchOS, Safari, and Xcode), Google (for Android and Chrome), and Microsoft (for Windows, IE, Edge, Silverlight, Skype for Business, Microsoft Lync, .NET Framework, and Office). Microsoft rates eight of its seventy-one (71!) patches "critical." Of Google's nineteen Android fixes (actually pushed out Monday), four address "critical" issues.

As the US encryption debate unfolds, some see Kazakhstan's new law requiring backdoors as an international precedent.

Wired thinks it's found hemi-semi-demi-mythical Bitcoin creator "Satoshi Nakamoto": he is, says Wired, an Australian named Craig Steven Wright. Hours after Wired publishes its profile (much disputed since on Twitter and elsewhere), Australian police raid Wright's home on a tax beef.


Today's issue includes events affecting Argentina, Australia, Brazil, China, Ecuador, France, Germany, Iraq, Kazakhstan, Luxembourg, Morocco, Netherlands, Singapore, Spain, Syria, United Kingdom, United States, and Venezuela.

Cyber Attacks, Threats, and Vulnerabilities

ISIS Hackers Issue Marching Orders To Loyalists (Vocativ) A new warning for the group's supporters: "The war is getting tougher than before"

Americans Attracted to ISIS Find an 'Echo Chamber' on Social Media (New York Times) When a lonely Virginia teenager named Ali Amin got curious about the Islamic State last year and went online to learn more, he found a virtual community awaiting

This is how the Islamic State will exploit cyberterrorism (MarketWatch) Recruiting and funding will be done online, and not necessarily in the Middle East

South America hacker team targets dissidents, journalists (AP via KIII TV) A shadowy cyber-espionage group that sent malware to the prosecutor whose mysterious death transfixed Argentina early this year has been hitting targets in left-leaning nations across South America, the Internet watchdog group Citizen Lab reported Wednesday

Packrat: Seven Years of a South American Threat Actor (Citizen Lab) This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil

Millions of websites managed by WordPress, Drupal and Joomla could be vulnerable to XSS, SQLi attacks (FierceITSecurity) Millions of websites managed by WordPress, Drupal and Joomla could be vulnerable to cross-site scripting and SQL injection attacks, warned app security firm Veracode

Known Security Flaw Found In More Antivirus Products (Dark Reading) A vulnerability discovered earlier this year in AVG software also spotted in Intel McAfee, Kaspersky Lab AV products

Four Out of Five Applications Written in Web Scripting Languages Fail OWASP Top 10 Upon First Assessment (Veracode) Veracode, a leader in protecting enterprises from today's pervasive web and mobile application threats, today released a supplement to the 2015 State of Software Security: Focus on Application Development, a report based on benchmarking analytics from its cloud-based platform

Inadvertently Disclosed Digital Certificate Could Allow Spoofing (Microsoft Security TechCenter) Microsoft is aware of an SSL/TLS digital certificate for * for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue

Microsoft's New Windows 10 IoT Core Pro Could Spell Trouble For Security (TechTimes) Microsoft's Windows 10 IoT Core Pro version is designed to allow OEMS to defer and control updates through Windows Server Update Services (WSUS)

Personal info of 12+ million Dutch mobile phone owners easily accessible to hackers (Help Net Security) Sijmen Ruwhof, a freelance IT security consultant and ethical hacker from Utrecht, recently stumbled across what turned out to be an example of how poor security practices of business partners can result in the compromise of a company's customer data — in this case, the compromise of personal data of basically all Dutch citizens who own a mobile phone

This Bot Is Out for Brains: ElasticZombie Exploiting Elasticsearch Vulnerabilities (Recorded Future) While recently mining our Recorded Future alerts (event, entity, and keyword matches on the Web) for new attacker TTPs (techniques, tactics, and procedures) we came across an interesting and trending text fragment — ElasticZombie Botnet

The German Underground: Buying and Selling Goods via Droppers (TrendLabs Security Intelligence Blog) The recent Paris attacks were carried out with both guns and explosives. While the perpetrators probably made the latter themselves, they could not do the same for their guns. So where did they turn to? One option may have been: the Deep Web

Attackers are building big data warehouses of stolen credentials and PII (CSO) Attackers are swapping, selling, and associating increasing stores of linked PII and credentials to run deeper, broader, and more stealthy information invasions

North America's Cyber 'Underground' Still Relies on Surface Web (Infosecurity Magazine) Forget the Deep Web; North America's Cybercrime underground is as open and free-to-enter as they come, but no less stocked with stolen data, contraband and illegal services, according to a new Trend Micro report

For sale: Hacking expertise (Channelnomics) Cyber criminals gain traction with 'as-a-service' hacking operations

Universities suffer cyber-attack (BBC) University students across the UK have been unable to submit work, after the academic computer network known as Janet came under cyber-attack

Blog of News Site "The Independent" Hacked, Leads to TeslaCrypt Ransomware (TrendLabs Security Intelligence Blog) The blog page of one of the leading media sites in the United Kingdom, The Independent has been compromised, which may put its millions of readers at risk of getting infected with ransomware. We have already informed The Independent about this security incident. However, the site is still currently compromised and users are still at risk

MaineGeneral, FBI probe cyber attack (Healthcare IT News) 'We continue to investigate precisely what happened'

Hello Barbie, Can We Talk About Your Security Issues? (TechNewsWorld) New security issues that surfaced last week in connection with Mattel's Hello Barbie doll, which talks back to kids, have heightened fears that hackers could use the toy to steal information about its owners and their families

Child's Play: Hacking the Internet of Things (PD&D) A company called VTech based in Hong Kong makes smart toys for kids. One of their tablet products can connect to a parent's smartphone with a service called KidConnect, allowing children to send photos and text messages to their parents

Facebook hoax alert! No, Mark Zuckerberg is not giving $4.5m to people like YOU and ME (Naked Security) OMG!! Did you hear that new dad Mark Zuckerberg is giving away $45 billion of Facebook stock and that for some reason none of the news articles about it have mentioned the fact that 10% of it is being given to Jane and Joe Schmoes like you and me if we just copy and paste this message about it which has a smiley face that makes me feel all warm and fuzzy and trusting?

100,000 laptops and phones left in UK bars each year (Help Net Security) UK bars guzzle up a staggering 138,000 mobile phones and laptops each year, and alarmingly 64 percent of the devices do not have any security protection installed, which means anyone can gain access to the contents they hold

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Each Plug 70+ Security Holes (KrebsOnSecurity) Adobe and Microsoft today independently issued software updates to plug critical security holes in their software

Microsoft Patches 71 Flaws, Two Under Attack; Warns of Leaked XBox Live CERT (Threatpost) Forgive your local Windows admin if they're a little shy on holiday cheer in the coming days. Blame instead Microsoft for foisting upon them on Tuesday 71 security patches, including two for vulnerabilities in Office and the Windows kernel currently under attack

Microsoft Security Bulletin Summary for December 2015 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for December 2015

Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system

Apple Releases Multiple Security Updates (US-CERT) Apple has released security updates for iOS 9.2, tvOS 9.1, OS X, watchOS 2.1, Safari 9.0.2, and Xcode 7.2 to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system

Stable Channel Update (Chrome Releases) The stable channel has been updated to 47.0.2526.80 for Windows, Mac, and Linux. This release contains an update to Adobe Flash Player and security fixes

Four critical Android bugs patched, one could lead to permanent device compromise (Help Net Security) Google's December security update for Android has been pushed out to Nexus devices on Monday, and it contains fixes for 19 vulnerabilities, four of which are deemed "critical"

Cyber Trends

Pearl Harbor Should Remind Us What Real War Looks Like; Cyber Attack Isn't It (Forbes) Yesterday, Americans remembered that day that still lives in infamy, the day in 1941 when the Imperial Japanese Navy carried out a devastating surprise attack on the U.S. Navy base at Pearl Harbor, Hawaii

DirectTrust predicts the end of Meaningful Use (FierceHealthIT) Interoperability, "freed" health data, patient engagement and data security among trends to watch in 2016

Retailers Inadequately Secured Against Risks From Temporary Workers (Dark Reading) Retailers recognize temps are higher-risk, but have lower visibility into their activity


All those scary hacks are creating a lot of demand for certain computer experts ( According to the 2015 Global Information Security Workforce Study

When Ethical Hacking Can't Compete (Atlantic) Companies are paying "white hat" hackers to probe their cybersecurity systems for weaknesses — but some say that so far, they aren't paying enough

Yahoo Is Reportedly Not Going To Spin Off Stake In Alibaba (TechCrunch) Yahoo is not going to spin off its 15% stake in e-commerce giant Alibaba, according to sources cited by CNBC. Instead, Yahoo is going to look into selling its core Internet business

General Dynamics unit to partially fund Va. cybersecurity accelerator (Washington Post) Since accepting its first class of start-ups at the beginning of 2013, cybersecurity start-up incubator Mach37 has been run entirely on public funding. That's about to change

Symantec Invests $50M in Cyber Security (CCM) Symantec has announced its plan to invest more than $50 million in its global cyber security services

Tech Five: FireEye jumps off upgrade (USA Today) Shares of security company FireEye are up in early trading off a recent stock upgrade

The future of LastPass — what is next for the Internet's top password manager? (Computerworld via CSO) LogMeIn seems to be attracted to the value in retaining the large user base that LastPass built over many years

Products, Services, and Solutions

F-Secure Launched New Version of SAFE to Deliver a Simplified User Experience for the Whole Family (MarketWired) F-Secure redesigns SAFE to help users protect themselves and each other with a single security service

Bromium vSentry and LAVA 3.0 Deliver Complete Threat Protection (MarketWired) Company doubles revenue in response to enterprise demand to prevent targeted attacks that bypass traditional security solutions

Exostar Launches Cybersecurity Risk Assessment Solution (BusinessWire) Partner Information Manager allows organizations to identify and address vulnerabilities throughout their global, multi-tier supply chains

Fighting back against DNS based zero-day attacks (Computer Business Review) Infoblox aims to cut down on DNS data exfiltration

IBM opens SIEM security analytics platform to custom app development (FierceCIO) IBM today opened up its security analytics platform IBM Security QRadar to developers looking to build custom security apps

Technologies, Techniques, and Standards

The Problem with Email: The Security and Challenges of Corporate's Favorite Communication Method (Legaltech News) While email is still the primary method of business communication, it brings with it tremendous cybersecurity risks

Seven Steps for Making Identity Protection Part of Your Routine (US-CERT) The Internal Revenue Service (IRS) has released the third in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home

Enforcing USB Storage Policy with PowerShell (Internet Storm Center) In a previous diary, I presented the CIRCLean (USB sanitizer) developed by the Luxembourg CERT. This tool is very useful to sanitize suspicious USB sticks but it lacks control and enforcement. Nevertheless, how to prevent the user from inserting the original USB stick in a port of his computer?

Study Finds More Companies Have Data Breach Response Plan, But Still Lack Crucial Steps (IT Business Edge) Amidst today's threat landscape, it is a positive sign that businesses have acknowledged data breaches as a corporate issue they must prepare for

IT personnel and executives: Worst at security (TechRepublic) It's not always external attacks that can hinder network performance and put data at risk. Sometimes the problem exists with your users — especially the ones who should know better

Advent tip #9: Think before you share on social media (Naked Security) Maybe it sounds obvious, but oversharing on social media is a BAD idea

Design and Innovation

Symantec to say goodbye to passwords with biometric technology (ZDNet) In an effort to improve security, Symantec will be releasing a host of capabilities next year that will feature biometric technology instead of relying on passwords

Security Issues that Deserve a Logo, Part 1: Glimpse (Tenable Network Security Blog) Since April 2014, a new trend in security has experienced a meteoric rise, with headlines grabbed in both mainstream media and the tech press

Perimeter Inversion: Turning Digital Security Inside Out (Dark Reading) We need security solutions that are designed from the ground up to operate in today's dynamic environment

Research and Development

NASA, Google reveal quantum computing leap (ITWorld) In an experiment, a quantum computer outperformed a conventional machine by 100 million times

IBM tapped by US intelligence agency to grow complex quantum computing technology (Network World) Intelligence Advanced Research Projects Activity filling out its quantum systems development program


Australian university launches cyber security master's degree (ComputerWeekly) The University of New South Wales in Canberra has launched a master's course in cyber security, strategy and diplomacy

Legislation, Policy, and Regulation

Kazakhstan's New Encryption Law Could Be a Preview of US Policy (Defense One) The Central Asian country will require 'back doors' that will allow the government to surveil and censor Internet traffic

UN plans special meeting on technology and counter-terrorism (FierceGovernmentIT) A counter-terrorism committee established by the United Nations Security Council in the wake of the Sept. 11 attacks will hold a special meeting on preventing and combating abuse of Internet and communications technology for terrorist purposes

US-Singapore Defense Agreement Eyes Collaboration on Cyber, Disaster Relief (ExecutiveGov) The U.S. and Singaporean governments have signed an agreement that aims to expand bilateral defense relations between the two countries, DoD News reported Monday

Senators revive bill requiring tech sector to report online terror activity (Ars Technica) Feinstein says bill will help authorities "identify and prevent terrorist attacks"

Lawmakers still at impasse over cyber bill (The Hill) Lawmakers seeking a compromise on the final text of major cybersecurity legislation are still at an impasse, a co-sponsor of one of the bills said Tuesday afternoon

3 Ways Silicon Valley Could Help Fight Terrorism (Time) Disrupting ISIS is complicated, and doing so could create other problems

Tech sector denounces bill requiring firms report terrorist activity (Christian Science Monitor Passcode) In the wake of terrorist attacks in California and Paris, Sens. Dianne Feinstein and Richard Burr are reviving a controversial proposal requiring social media sites report terrorist activity to federal authorities

Cyber jobs open for junior enlisted who want to reclassify (Army Times) The Army has posted a "help wanted" sign for qualified junior enlisted soldiers interested in reclassifying to MOS 17C, cyber operations, a specialty with good promotion opportunity and career prospects for the future

Army Implements Online Storefront for Tactical Communication Security Tools (ExecutiveGov) The U.S. Army has implemented a virtual storefront that works to help soldiers obtain cryptographic tools for the security of laptops, radio systems and other communication platforms used in the battlefield

Litigation, Investigation, and Law Enforcement

Suspected 'Islamic State' recruiters arrested in Spain (Deutsche Welle) Spanish police have arrested two people on suspicion of forming an 'Islamic State' (IS) group cell and recruiting and indoctrinating Islamic militants. The pair had made specific threats against Spain and France

San Bernardino shooting planned a year in advance: report (The Hill) Last week's mass shooting in San Bernardino, Calif., that killed 14 was reportedly planned up to a year in advance

Bulk Phone Records Collection & San Bernardino (Overt Action) The recent terrorist attack in San Bernardino has kicked up yet another round of debate regarding NSA's bulk phone records collection program, which was officially ended on November 29th, in accordance with requirements of the USA FREEDOM Act

California terror attack shows difficulty ID'ing terrorists (Military Times) By the time the married couple who carried out the deadly San Bernardino terrorist attack came to the attention of police, it was far too late

Meet the woman in charge of the FBI's most controversial high-tech tools (Washington Post) In the aftermath of Wednesday's shooting rampage in San Bernardino, FBI teams recovered computer hard drives, flash drives and crushed cellphones left by the attackers

FBI admits it uses stingrays, zero-day exploits (Ars Technica) The "queen of domestic surveillance" inches closer to hot-button topics

Ohio man accused of making threats against military members (Military Times) An Ohio man who prosecutors say was sympathetic to the Islamic State posted the names and addresses of 100 members of the military on social media and called for them to be killed, according to a federal indictment issued Tuesday

Ex-IBM employee from China arrested in U.S. for code theft (Reuters) A former software engineer for IBM Corp in China has been arrested by U.S. authorities for allegedly stealing proprietary source code from his former employer, prosecutors announced on Tuesday

Police target UK's young cybercriminals (BBC) Teenagers committing crimes online are being targeted by the National Crime Agency

Bitcoin's Creator Satoshi Nakamoto Is Probably This Unknown Australian Genius (Wired) Even as his face towered 10 feet above the crowd at the Bitcoin Investor's Conference in Las Vegas, Craig Steven Wright was, to most of the audience of crypto and finance geeks, a nobody

Australian police raided the home of the man who may have created bitcoin (Quartz) Hours after a long profile was published in Wired magazine naming Craig Steven Wright, a relatively obscure Australian, as the secretive creator of the digital currency bitcoin, police are reportedly raiding his home over a tax investigation

Sophos settles legal claims with US rival (fastFT) Sophos, the recently-listed UK cyber security group, has settled with US competitor Fortinet following a lawsuit that accused it of stealing patents and staff

Find My iPhone Search Ends in Violence (Intego) As we have detailed in the past, there are many examples of cases where "Find my iPhone" has helped save lives or helped law enforcement agencies locate criminals too dumb to disable it

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...

Upcoming Events

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...

Cyber Risk Wednesday: 2016 Threat Landscape (Washington, DC, USA, December 9, 2015) To discuss how 2016 will likely challenge today's security thinking and what we can learn from the past year's developments and these trends, please join the Atlantic Council's Cyber Statecraft Initiative...

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...
