skip navigation

More signal. Less noise.

Daily briefing.

Twitter has warned some users that their accounts "may have been targeted by state-sponsored actors." The warning's text suggests the actors may be looking for email addresses, IP addresses, or phone numbers. The BBC reports speculation that the state sponsoring the reconnaissance is either China or North Korea, but it's unclear whether this is based on evidence or a priori probability.

The US Justice Department describes ISIS/Daesh's social media "crowdsourcing of terrorism," where inspiration substitutes for command-and-control.

Anonymous takes a break from fighting ISIS to attempting a DDoS attack against one of Donald Trump's commercial websites. Their "#OpTrump" is prompted by the US presidential candidate's remarks about Islamic immigration. Other Anonymous cells romp farther afield, releasing personally identifiable information stolen from European Space Agency subdomains. The motive? The lulz.

FireEye describes "LatentBot" — obfuscated, modular, easily updated, and dangerous, but still pretty noisy, flagged by many AV products as a generic Trojan.

Ransomware continues its proliferation.

In Europe, Trend Micro sees something new: the development of a German cyber criminal underground. Not as big as that a few hundred kilometers to the east, but well-organized and active.

In industry news, LookingGlass acquires QinetiQ cyber unit Cyveillance.

Israel mulls calling for a NATO-like international organization for cyber security. The aspiration isn't Article 5 (collective response to attacks), "but detect and mitigate before Article 5."

Europe moves closer to a Safe Harbor replacement. France won't ban Tor or public Wi-Fi after all. US debates over both Wassenaar and controls over encryption resume.


Today's issue includes events affecting Brazil, Canada, China, European Union, France, Germany, Hungary, India, Iraq, Ireland, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Peru, Philippines, Poland, Russia, Singapore, South Africa, Spain, Syria, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Twitter warns of government 'hacking' (BBC) Twitter has sent warnings to a number of users that their accounts may have been hacked by "state-sponsored actors"

Justice Department official: ISIS 'crowdsourced' terrorism by exploiting social media (PBS News Hour) One official at the helm of the U.S. government's fight against terrorism is the Assistant Attorney General for National Security John Carlin

Donald Trump Under Cyber Attack Over His Hate Speech Against Muslims (Morocco World News) Anonymous have declared a cyber war against Republican presidential candidate Donald Trump, over his anti-Muslim hate speech

The Hacktivist War on ISIS? (Slate) An offshoot of Anonymous has declared war on terrorism. But its efforts could be making things worse

Latentbot: A Ghost in the Internet (Dark Reading) Malware's multiple layers of obfuscation make it almost invisible FireEye says

Latentbot Is the Next Step in Evolution for Stealthy Backdoors (Softpedia) A stealthy new backdoor was detected by FireEye's Dynamic Threat Intelligence (DTI) team, one that takes great care to cover its tracks and stay hidden on infected systems like no other malware before it

Malware Hides, Except When It Shouts (GovInfoSecurity) Stealthy bootkit, plus refined ransomware, detailed in new reports

TeslaCrypt criminals launch 'very strong' spam campaign to spread crypto-malware (Computing) TeslaCrypt malware was first discovered earlier this year. Like other crypto-malware TeslaCrypt (also known as Alpha Crypt) encrypts the victims files, with the keys to unlock them only being sent after payment of a ransom in Bitcoin

Wexford man has PC ruined after cyber-criminals hack in demanding €800 ransom (Irish Examiner) The case has been made public by internet security firm ESET Ireland which received details from one of its partner companies in Wexford to which the man had gone seeking help

G Data warnt vor neuen Dridex-Malwarekampagnen gegen deutsche Nutzer (IT Espresso) Das gleichnamige Botnetz hat sich offenbar weitgehend von der im Oktober in mehreren Ländern durchgeführten Polizeiaktion erholt

Predictable: How AV flaw hit Microsoft's Windows defences (Register) An ecosystem issue explained

Steam Users Looking for Item Trading Shortcut Find Malware Instead (Motherboard) No good deed goes unpunished. Earlier this week, Valve took measures to protect Steam users from being hacked, but scammers are already using these new protections to lure gullible players into new traps

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability (0-Day) (Depth Security Blog) In June I spent a little time in the web administrative interface of a Polycom VVX600 IP phone running UC Software Version As I proxied the traffic through BurpSuite, I immediately noticed something interesting in the requests that the interface uses to display phone background images and ring tones to web users

European Space Agency records leaked for amusement, attackers say (CSO) In all, 8,107 names, email addresses, and passwords were posted to the Web

German Cybercriminals Develop Flourishing Local Black Market (Infosecurity Magazine) German cybercrime business owners are developing sophisticated local offerings to better compete with English language and Russian underground marketplaces, according to a new report from Trend Micro

U-Markt Peering into the German Cybercriminal Underground (Trend Micro) The German cybercriminal underground is well-developed and -managed by cybercriminals even though it remains a small community in number compared with the Russian and Brazilian underground markets. It may also be the most developed underground within the European Union (EU) despite the existence of a French underground market. The Spanish underground, however, merged with the Latin American market

Piracy sites make up to '$70m per year by spreading malware' (International Business Times) Apart from selling stolen content, pirates have now found a new way to make their fortune — by spreading malware. They can earn up to $70m per year by merely spreading malware on users' computers

Hello Barbie, goodbye privacy — the internet-connected toys sparking security fears (Sydney Morning Herald) "It is a little freaky having a doll talking to you," says Kate Highfield. She's been chatting with Hello Barbie, a Wi-Fi-enabled plaything who promises to be "just like a real friend" — but for being plastic and having no hips

Business email compromise scams still happening, still successful (Help Net Security) Despite repeated warnings issued by law enforcement, information sharing organizations, and security companies, Business Email Compromise (BEC) scams still abound and the scammers still "earn" money

Cyber-Scammers Step Up Volume of Robocall Schemes During Holidays (eWeek) The advent of the holiday season seems to increase the number of phone scammers trying to install malware on your computer

Bulletin (SB15-348) Vulnerability Summary for the Week of December 7, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Google extends Safe Browsing to Android Chrome (Naked Security) Google says that its Safe Browsing service already protects about 1 billion desktop users from all sorts of online nastiness, be it malware, unsavory software, or social engineering (particularly phishing) sites

Steam tightens security to stem tide of 77,000 monthly hijackings (Naked Security) Steam tightens security to stem tide of 77,000 monthly hijackings

About the security content of iTunes 12.3.2 (Apple Support) This document describes the security content of iTunes 12.3.2

Researcher says Microsoft Edge has inherited many of Internet Explorer's security holes (TechWorm) Microsoft Edge is filled with many Internet Explorer's security holes says researcher

Cyber Trends

Kaspersky Lab's new malware count falls but other AV provider have different figures (SC Magazine) Kaspersky Lab's new malware count falls as cyber-criminals look to save money — but other AV providers dispute Kaspersky's figures

Maintaining Privacy in the IoT Era (Information Security Buzz) Advances in technology have paved the way for an entirely new era of communication between people and machines

Cyber-warrior CEO lists 5 top threats in 2016 (Manila Times) It's almost the end of the year and like most corporate executives, Jeff Castillo finds himself in a mad rush to finish everything that has to be done and prepare for the coming year

TalkTalk style cyber attacks on firms could be set to worsen next year (City a.m.) Hackers will increasingly use distributed denial of service (DDoS) attacks to knock websites offline and dodge cyber security, businesses are being warned

Cyber-Attack Tools Used Against Businesses Differ from Those in Consumer Attacks: Survey (Legaltech News) Kaspersky Lab's experts found that in 2015, 58 percent of corporate PCs were hit with at least one attempted malware infection, up three percent from 2014

Hackers are waging 'asymmetric warfare' against big companies (Business Insider) The cofounder of Europe's only cyber security startup accelerator says big companies are waging "asymmetric warfare" against nimble-footed hackers who are increasingly looking to claim corporate scalps

48% of companies accuse their competitors of staging DDoS attacks against them (SC Magazine) A recent survey has revealed that 48 percent of businesses believe they know both the identity and motivation of those behind DDoS attacks carried out against them, a large portion of which believed it was their competitors orchestrating the attacks

In hacking, the blame game is purely for entertainment (Engadget) Pointing fingers doesn't make your data more secure

Global survey by Gemalto reveals impact of data breaches on customer loyalty (Dark Reading) Nearly two-thirds (64%) of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen

The Price of the Wearable Craze: Less Data Security (NBC News) Technology pioneer isn't a role people associate with former vice president Dick Cheney, but technology security experts today give his medical advisory team props for a move made back in 2007 — disabling the wireless capability on Cheney's pacemaker

Hackers in 'white hats' join effort to thwart the bad guys (Financial Times) Commuters in the Israeli port city of Haifa fumed during a particularly tedious traffic jam two years ago, never guessing that the logjam was caused not by an accident or some other relatively customary event — but reportedly by cyber attack

Cybersecurity experts cautiously optimistic about 2016 (Christian Science Monitor Passcode) Passcode was the exclusive media partner at an event looking at the cybersecurity landscape of 2016 hosted by the Atlantic Council think tank. Here's what we learned

7 Top Technology Trends for 2016 (LinkedIn) 2o15 was a transformative year for technological innovation. 2106 continues that technology trend with more disruption in sight. Below is a short list of my predicted trends for the coming year


Hacking is the biggest threat to British business (Telegraph) Increased awareness of cyber risks could lead to younger people with greater technical ability sitting on boards

IBM On An Acquisition Spree (Seeking Alpha) IBM has made 12 acquisitions this year, with the cloud and its cognitive system Watson driving them

VMware Throws in White Towel on Virtustream — A Good Move (FBRFlash) This morning, December 14, VMware announced in an 8-K that it would not be participating in the formation of the Virtustream Cloud Services joint initiative between EMC and VMware

CyberArk: Great Company, Expensive Stock (Seeking Alpha) A comparison to peers suggests that CyberArk is trading at high valuations around $40 per share. But CyberArk has a solid business, with strong profitability and a good product. Buying the stock now is very risky, while holding the stock is perfectly fine

LookingGlass Announces Cyveillance Acquisition and $50 Million Funding (BusinessWire) Acquisition positions LookingGlass as the most comprehensive threat intelligence provider adding open source intelligence for customized protection against threats targeted specifically at the client

Cybersecurity startup hires CIO to accelerate growth (CIO) Crowdstrike, armed with $100 million in funding in a burgeoning cybersecurity sector, has hired its first CIO. He will help the company as it expands globally

Products, Services, and Solutions

Cyberbullying insurance? That’s a real thing one company is offering in the United Kingdom. (Washington Post) It's no secret that online trolling can be disruptive. Some of its most extreme forms like swatting — where a harasser fakes an emergency to get police to raid a victim's home — are real world safety threats

QTS Adds Vormetric Encryption Platform to Data Security Offerings (ExecutiveBiz) QTS Realty Trust and Vormetric have teamed up to help QTS' government and commercial data center customers in efforts to meet data compliance requirements and protect their network infrastructures from potential data breaches

Exabeam Announces Technology Partner Program (BusinessWire) Integrated security analytics deliver market-leading protection against cyber threats

Facebook Introduces Security Checkup Tool For Android (Übergizmo) When it comes to security of apps on your mobile devices, not all apps were created equal

Technologies, Techniques, and Standards

Front lines of cyber risk: What's a company's best defense? (PropertyCasualty360°) "We've been hacked"

Cyber security standards office seeks feedback on infrastructure improvements (Busienss Insurance) A comment period on the National Institute of Standards and Technology's voluntary framework for improving critical cyber security infrastructure began Friday

NIST seeks feedback on how agencies use cyber framework (FierceGovernmentIT) The National Institute of Standards and Technology wants to know how people are using its voluntary Framework for Improving Critical Infrastructure Cybersecurity

UK hosts international cyber attack response test (ComputerWeekly) The UK has hosted an exercise to test how investigators and prosecutors across Europe and the US would work together in the event of a complex international cyber criminal incident

Home on the cyber warfare range: Hands-on training on how hackers think (Cronkite News) Other soldiers play war games. Why not cyber warriors?

New threat intelligence sharing site to open for all Canadian firms (IT World Canada) Canadian CISOs are about to get help in defending attacks through something few other nations have — a national cyber threat information exchange for small, medium and large enterprises from all sectors

PSC breaks cloud adoption down to 6 steps for CIOs (FierceGovernmentIT) A new six-step guide offers government agencies tips on how to transition to the cloud

A free, almost foolproof way to check for malware (InfoWorld via CSO) How to scan every running process on your system for malware in seconds, without installing antimalware software

Endpoint security still inadequate despite growing threats (Security Asia) Endpoint security solutions today are lacking in spite of significant gaps, vulnerabilities in security and heightened fear of a security breach, says Promisec, endpoint security and compliance vendor

Inside job: 6 ways employees pose an insider threat (Help Net Security) CISOs and CIOs have seen the prospects of losing control over data and the accompanying data privacy and security concerns as the biggest hurdle to cloud adoption

Learn to Hack Your Own Code (DZone) There are several quick tips and techniques to teach yourself how to hack your own code including free, open-source tools

Use The Privilege (Internet Storm Center) Windows is an operating system with security features. For example, one can specify which users can access a file

Don't Be a Victim of Tax Refund Fraud in '16 (KrebsOnSecurity) With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here's what you need to know going into January to protect you and your family

Advent tip #12: Don't email your credit card details! (Naked Security) During the holiday season, you, along with many other people, may use your credit card more than usual

Advent tip #13: Take care if internet friends ask for money (Naked Security) Lots of us have friends in the new-school sense of people that we think we know pretty well, but whom we've never actually met

Advent tip #14: Beware of login links in emails! (Naked Security) You've heard of phishing

Design and Innovation

MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela (Softpedia) Scientists at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have created an anonymous messaging system, in the same category as Tor, I2P, and HORNET, which takes a different approach to relaying messages between two parties


National Cyber Defence Research Centre opened at PES University (WebIndia123) National Cyber Defence Research Centre, sanctioned by National Cyber Safety and Security Standards (NCSSS), an autonomous body of Government of India was opened at PESUniversity, a Deemed to be University, here yesterday

Legislation, Policy, and Regulation

Firms expect fines, new costs from Safe Harbor changes (CSO) Survey says 70 percent of IT decision makers expect to increase spending next year as a result

Tech Firms Gird for New EU Privacy Law (Wall Street Journal) The new law is expected to be signed Tuesday, and will tighten privacy protections for online users

France won't block public Wi-Fi or ban Tor after all (Ars Technica) French PM has stated that "a ban on Wi-Fi is not a course of action envisaged"

Israel Military Eyes NATO-Like Global Cyber Coalition (Defense News) A principal architect of the Israeli military's cyber defense force says Israel can play a key role in creation of an operational alliance — similar to that of NATO, but global in scope — to collectively defend against global cyber threats

Can Silicon Valley 'disrupt' ISIL's virtual caliphate? (Al Jazeera) After San Bernardino, lawmakers called for tech companies to report or censor 'terrorist' content, but challenges abound

Intelligence agencies are using terrorism as a lever to weaken online privacy (Economic Times) Perhaps predictably, the battle against ISIS is blurring into a battle against encryption — the encoding and scram bling of digital messages so that they can only be read by those who have the right keys

The Moral Failure of Computer Scientists (Atlantic) In the 1950s, a group of scientists spoke out against the dangers of nuclear weapons. Should cryptographers take on the surveillance state?

What's the Plan? (US News and World Report) After the 9/11 attacks, a spooked Congress put aside its partisan divisions and worked quickly to provide law enforcement and intelligence agencies the tools they wanted to prevent another assault

Can National Security Advisor settle cybersecurity feud? (Christian Science Monitor Passcode) Two Congressional lawmakers want Susan Rice to get involved in a dispute between the State Department and industry officials over proposed export rules for technology that could be used for malicious purposes

House bill lets state, local take advantage of DHS cyber tools (Federal Times) A new bill passed a House vote on Dec. 10 expanding the Department of Homeland Security's cybersecurity role to include assisting state and local governments upon request

The FAST Act's Cybersecurity and Privacy Provisions for the Electric Grid, Internet of Things, and Connected Cars (Lexology) On Friday, December 4, President Obama signed the Fixing America's Surface Transportation ("FAST") Act, a $300 billion-plus highway and transportation law and the first comprehensive transportation spending law in a decade

DoD eyeing commercial cloud options for secret data (C4ISR & Networks) The Defense Department's cold feelings toward moving any of its classified data to a commercial cloud provider might be warming up as the department evaluates options for commercial cloud companies to handle and store secret information

Information warfare task force tackles Corps' strategy (Marine Corps Times) Marines are laying the groundwork for the Corps' next generation of information warfare — including offensive operations

National Guard making headway in nationwide cyber force (Defense Systems) As the Pentagon and the individual service branches push forward with filling out the eventual 133 cyber mission teams under the U.S. Cyber Command, the Guard and Reserve will be playing an increasingly important domestic role

Litigation, Investigation, and Law Enforcement

OPM still searching for 7 percent of breach victims (Federal Times) The Office of Personnel Management has been sending some 800,000 letters a day since Sept. 30, alerting current, former and prospective federal employees and family members that their information was compromised in a network breach last year

IG: OPM made mistakes in contracting for identity theft services (FierceGovernmentIT) A member of Congress is calling for the removal of the Office of Personnel Management's chief information officer following the release of an audit showing missteps in the agency's contract for identity theft services

Security of DoD noncore data centers, wireless, software in watchdog's sights (FierceGovernmentIT) The Defense Department's Office of Inspector General has more than 10 IT-related investigations planned for the year

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Orgnaization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged,...

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged,...

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, January 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to...

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.