Daily briefing.

HackRead reports that a number of apps devoted to Biblical or Quranic study or devotion are infested with malware. Their story suggests the perpetrators are probably criminals engaged in a post-modern version of affinity scamming.

CloudSek finds an interesting wrinkle in the criminal markets. An "unnamed South Asian company" seems to be not only selling legitimate security products and services (employee monitoring software among them), but malware with data exfiltration capabilities as well. CloudSek calls the outfit in its malicious aspect "Santa APT," since much of its crimeware is Christmas-themed.

Last Christmas, you may recall, LizardSquad skidded into the holiday by DDoSing Xbox Live and Playstation Network. This week PhantomSqaud [sic] makes the naughty list with a similar threat. For the children's sake, let Microsoft and Sony look to their networks.

Damballa and Proofpoint offer accounts of, respectively, Pony and Angler. Damballa outlines in considerable detail Pony's evolution, and Proofpoint explains how domain shadowing is being used to facilitate the Angler exploit kit's dissemination.

Linux administrators take note: researchers at Universitat Politècnica de València have demonstrated a technique that bypasses password protection on the Grub2 bootloader. The method (which involves backspacing 28 times) seems depressingly simple.

The National Science Foundation has released a "roadmap" for experimental cyber security research.

Reaction to pending US cyber legislation continues to pour in. Opinions are divided between those who applaud it for promoting information sharing, and those who warn of incipient threats to privacy.

Governments from Brazil to China move to restrict social media.


Today's issue includes events affecting Australia, Bulgaria, Canada, China, Germany, Ghana, Russia, Saudi Arabia, United Kingdom, United States.

Dateline Imperial Cyber Security

Assessment Report for HIM Palpatine 05.25.1977 (Kessel Cyber Security Consulting) Executive Summary: The Galactic Empire contracted Kessel Cyber Security Consulting (Kessel) to assess the security of its new "Death Star" campus before accepting it for accreditation to Imperial networks. We did so in three series of assessments and tests, the findings of which are presented in the body of this report

Cyber Attacks, Threats, and Vulnerabilities

Bible and Quran Apps Infected with Malware Capable of Spying (HackRead) There are a hundred types of malware hidden inside the Bible and Quran apps, most of which are available all over the Android play store and some on iOS

Asian company is the newest APT threat (Help Net Security) An unnamed South Asian software development consultancy that creates software for employee monitoring is also an APT player and, according to CloudSek CTO Rahul Sasi, it appears to be conducting widespread intellectual property theft for economic gain

PhantomSquad threatens to take down XBox Live and PSN this Christmas (Graham Cluley) Remember last Christmas when a group of hackers calling themselves LizardSquad ruined the holidays for many video game lovers by knocking the XBox Live and PlayStation Network offline with a distributed denial-of-service (DDoS) attack?

Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps (CloudSek) CloudSek monitors were researching the activities of an APT [Advanced persistent threat] that is targeting software companies globally

Pony Up! Eight Months of Evolution (Damballa) Cyber criminals frequently move their infrastructure. Domains stay online for a few days or hours, which makes it challenging for defenders to leverage security tools that rely on blacklists and other known-bad indicators. Damballa's Threat Discovery Center has been monitoring Pony for eight months, and has captured all instances

The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK (Proofpoint) Most online ads are displayed as a result of a chain of trust, from the publishers to the malicious advertiser via ad agencies and/or ad networks

Vulnerability in popular bootloader puts locked-down Linux computers at risk (IDG via CSO) The flaw can allow attackers to modify password-protected boot entries and deploy malware

Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases (IDG via CSO) Security researchers sound alarm on "very serious" privacy problem

At least 10 major loyalty card schemes compromised in industry-wide scam (Register) CyberInt: This is a 'significant' and growing problem

Avast investigation into shopping apps reveals another Target security blunder (Techspot) Security researchers with Avast recently took a look at several shopping apps to see just how much retailers know about their shoppers. What the team found was a bit alarming, to say the least

VA to Congress: Cybersecurity & data breach update (Becker's Health IT and CIO Review) The Department of Veterans Affairs has released its Monthly Report to Congress on Data Incidents for the month of November

No, IKEA is NOT selling a swastika-shaped table called Hadolf (Naked Security) A viral Facebook post is making the rounds showing an image of a dinner table shaped like a Nazi swastika, alongside claims that Swedish furniture giant IKEA is selling the offensive item in its 2016 catalog

Why Identity is A Major Asset Online (HackRead) Why loss of identity online can lead to severe consequences, no matter how solid and reliable your preventive measures for security are

Cybersecurity Researchers Are Hunted from All Sides (Motherboard) Cybersecurity researcher Peter Kruse, founder of CSIS Security Group in Denmark, thought his mother was calling. Her number appeared on his phone, but when he answered, it wasn't her. Instead, a male voice told him to stop what he was doing as a computer expert

Security Patches, Mitigations, and Software Updates

Microsoft streamlines Windows 10 Mobile update process, fails badly on first update (FierceMobileIT) While Microsoft has streamlined the process for getting Windows 10 Mobile updates to users, it hasn't worked out the kinks so that the updates actually work

Symantec Responds to Google in HTTPS Certificate Scandal (Softpedia) Symantec has finally shed some light on the events that surrounded the "distrusting" of some of its certificates inside Google's products, blaming everything on the lack of a clear communication between its representatives and Google's staff

Facebook throttles antagonistic, drive-by 'fake name' reporting (Naked Security) After getting slammed by critics for over a year with regards to its real-name policy, Facebook on Tuesday hugged it tight, saying yet again that the policy's not going away

Cyber Trends

New threats will demand new approaches such as micro-segmentation and quantum encryption (Help Net Security) Leading security professionals around the world will adopt a new mindset in 2016, embracing advanced approaches such as micro-segmentation to counter increasingly sophisticated attacks by cyber criminals, according to security experts at Unisys

Securing the Digital Infrastructure (InfoRiskToday) Security and privacy imperatives for enterprises in the digital age

Healthcare Cloud Adoption Slow Due to HIPAA, Survey Finds (HealthITSecurity) "Security has been a major barrier to cloud adoption in many verticals, but it's especially critical in heavily regulated industries"

Research — The Real IoT Value By 2025 (WT Vox) McKinsey & Company's Global Institute conducted a research with the reason of exploring the "real" IoT value on the global economy

Q&A: Distributed Computing and the Evolving CISO with Susan Mauldin of Equifax (IoT Evolution) Enterprise adoption of big data and cloud infrastructure is presenting new challenges for Chief Information Security Officers (CISO). I recently sat down with Susan Mauldin, CISO, Equifax, to get her thoughts about the evolving role of the CISO, perhaps into Chief Information Risk Officers, and how to secure the cloud


Agencies Get Marching Orders for Filling 'Major' Cyber Talent Shortage (Defense One) "We still have the fundamentals wrong," says Office of Management and Budget's Trevor Rudolph

Microsoft Unveils Plans for China Joint Venture (Wall Street Journal) Microsoft will set up a jointly owned entity with China Electronics Technology Group

Russia's Kaspersky Labs signs deal with China Cyber Security Company as Beijing and Moscow call for end to US domination of internet (South China Morning Post) Russian software security giant Kaspersky Lab has formed a strategic partnership with a Chinese state-owned company as Beijing and Moscow work more closely in policing their cyberspace

Oracle Corporation: Generally In-Line November Results; Softer Outlook with Massive Challenges Ahead — Maintain MP (FBR Capital) Last night, December 16, ORCL delivered F2Q16 (Nov) results essentially in line on revenue and beating slightly on the bottom line, a dynamic we would characterize as "better than feared," given a painful cloud transition coupled with ongoing challenges for Oracle's traditional license business

Trustlook raises $17 mln (PE Hub Network) Trustlook Inc., a leading global mobile security provider for the Android platform, today announced that it has closed a $17 million Series A round of funding

Former Kaspersky Exec Looks To Transform Carbonite To Channel-Focused Model (CRN) After helping launch Sophos fully into the channel and driving growth at Kaspersky Lab, Christopher Doggett said he's turning his sights to transforming Carbonite into a channel-focused sales organization

NATO builds up cyber alliance with Symantec tie-in (IT Pro) Symantec has signed a deal with NATO Communications and Information (NCI) Agency to boost information sharing between the IT security firm and the military organisation

Navy Seeks NAVAIR Cyber Warfare Detachment Support Through Basic Ordering Agreement (ExecutiveBiz) The U.S. Navy has announced plans to award potential five-year basic ordering agreements to contractors that can provide support services for the Naval Air Systems Command's Cyber Warfare Detachment

Columbia MD Tech Company, Convergence Technology, Named Baltimore Sun's Top Workplace for the Third Time (Baltimore Sun) Top Workplace '12, '13, '15

LightCyber Receives SC Magazine 2015 Security Industry "Innovator" Recognition (BusinessWire) Company also designated Top 10 "Coolest Security Startups" by CRN

eGlobalTech Appoints Sal Fazzolari as COO (Washington DC City Biz List) eGlobalTech (eGT), a leading provider of management and IT consulting services for the Federal Government, is excited to announce the appointment of Sal Fazzolari as Chief Operating Officer (COO). In this capacity, Fazzolari will oversee eGT's strategic vision and continued growth

Products, Services, and Solutions

Triumfant and Bay Dynamics Announce Key Integration (Triumfant) Strategic partnership allows both companies to strengthen their offerings through a seamless integration delivering industry-leading analytics and remediation

FireStorm: Mitigating the Vulnerability That Can Completely Bypass Firewalls and Exfiltrate Data (Cyveillance Blog) Looking Glass and Cyveillance have joined forces to deliver the most advanced and comprehensive threat intelligence driven solutions. Today, A.J. Shipley, Looking Glass' Vice President of Product Management, discusses how Looking Glass and Cyveillance solutions can help protect an organization from DNS threats, such as the FireStorm vulnerability

ThreatStream Announces FED Exchange for Federal, State & Local Government (Power Engineering) ThreatStream®, the pioneer of an enterprise-class threat intelligence platform, today announced the availability of the ThreatStream FED Exchange

Ntrepid Announces General Availability of Passages Enterprise (BusinessWire) Secure virtual browser provides complete protection from web-based attacks, isolating all browsing activity from the user's computer and enterprise network

ESET Introduces Banking and Payment Protection for Asia Pacific Consumers (Jakarta Post) ESET®, a global pioneer in proactive protection for more than two decades, today announced the release of its ESET Smart Security 9 and ESET NOD32 Antivirus 9

Bitdefender to Protect Charities Worldwide as First Security Software Provider in TechSoup Global Expansion (BusinessWire) Bitdefender, a leading Internet security technology company protecting 500 million users worldwide, is the first global security partner of the TechSoup global donation initiative

Lieberman Software and Sailpoint Partner to Provide a Unified Privileged Identity Access Control Layer for the Enterprise (MarketWired via EIN) Enterprise Random Password Manager™ and IdentityIQ™ integrate to control provisioning and access of both privileged and end-users through a unified identity governance platform

Technologies, Techniques, and Standards

Sorry for the Inconvenience (IEEE Spectrum) After looking back at the project failures chronicled in the Risk Factor for our recent set of interactive features "Lessons From a Decade of IT Failures," I became intrigued by the formulaic apologies that organizations put out in their press releases when something untoward happens involving their IT systems

Driving an industry towards secure code (Help Net Security) The German government made an unprecedented move this week by issuing requirements for all new vehicles' software to be made accessible to country regulators to ensure that emissions loopholes aren't exploited

Security can't be left behind at a rapidly growing company (CSO) Ginna Raahauge, senior vice president and CIO at Informatica, is focused on speed

Brains: The final frontier in information governance (FierceContentManagement) Companies frequently struggle with managing content in a way that's unified and accessible to all the workers who need it

Social Engineering: How an Email Becomes a Cyber Threat (SecurityWeek) Social Engineering has been a staple of fraud since the dawn of time

Offense Informs Defense: Minimizing the Risk of a Targeted Attack (Legaltech News) This ALM cyberSecure session focused on the nature of hacking and what should be done about it

Rackspace CSO on security: It's time to go back to the fundamentals (Help Net Security) We no longer need to spend time discussing the sophistication and persistence of the threat; the risk associated with IoT and mobile devices, the devolution of the perimeter; the need for deterrence over prevention and the value of security versus compliance

How do you know if your smartphone has been compromised? (We Live Security) Little by little, smartphone users are beginning to understand how important it is to protect their devices so malware can't be installed on them

Advent tip #17: "Reply All" is probably not what you want (Naked Security) It's holiday season, so it's likely you'll be emailing groups of friends, friends of friends, and so on

Design and Innovation

The Secret Secret to Secrets (Electronic Engineering Journal) Generating random numbers is harder than it looks

Research and Development

Two atoms make quantum memory, processing gate, and test of entanglement (Ars Technica) Entangling atoms from different elements does it all, quantum-wise

Uncrackable quantum cryptography over 'doubled' distances (NTT) Making it possible in the near future to link metropolises within an 800 km radius in an all-photonic way without quantum repeaters

Roadmap to safer cyberspace (National Science Foundation) Report offers a vision for a new generation of experimental cybersecurity research

Cybersecurity Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cybersecurity Research (Cyber Experimentation) This report presents a strategic plan and enabling roadmap intended to catalyze generational advances in the field of experimental cybersecurity research. These results represent the conclusions of a study conducted under NSF auspices by SRI International and USC Information Sciences Institute throughout calendar year 2014


Deloitte supports cyber security MSc programme at DMU (Consultancy) The threat to companies from cyber-crime is on the increase. To help combat this hazard, Deloitte, Airbus, BT and Rolls-Royce will provide their expertise to students of the newly developed cyber security MSc from De Montfort University Leicester (DMU), which aims to develop holistic approaches to cyber security

Legislation, Policy, and Regulation

Government IT security under the spotlight after BoM cyber attack (CSO) The recent cyber attack on Australia's Bureau of Meteorology (BOM) has raised fresh concerns about the ability of government departments to withstand sophisticated cyber attacks

Bulgaria to join Microsoft's program against cyber attacks (Xinhua) Bulgaria will join Microsoft's Government Security Program (GSP) in a bid to establish an effective prevention against cyber attacks, the country's Council of Ministers decided here on Wednesday

Encryption And Censorship In A Globalized World (Forbes) Over the Thanksgiving holidays I offered a practical guide to the current encryption debate from the standpoint of what could realistically be accomplished through the proposals being circulated by Western governments

Fact-Checking the Debate on Encryption (Pro Publica) The existence of coded communications is a reality and the U.S. may not be able to do much about it

In debate, Republicans call on tech sector to aid terrorism fight (Christian Science Monitor Passcode) In the wake of the terrorist attacks in Paris and San Bernardino, most Republican candidates are betting that public worries over national security may supersede concerns over free speech and privacy issues

Secrecy Shuts Down a National-Security Debate (Atlantic) On Tuesday night, Ted Cruz and Marco Rubio clashed over NSA surveillance — but they can't tell the public what they're arguing about

Opinion: From Internet shutdowns to 'the encryption problem,' rating the Republicans on tech policy (Christian Science Monitor Passcode) Tuesday's Republican presidential debate in Las Vegas touched on some of the hottest issues in tech but many candidates are way off base when it comes to understanding the Internet

Cybersecurity bill to thwart hackers added to big 2016 spending deal (USA Today) A cybersecurity bill aimed at thwarting huge hack attacks was slipped at the last minute into a massive $1.1 trillion federal spending bill that Congress is poised to pass this week

Controversial Cybersecurity Bill Poised to Pass in Massive Spending Package (National Journal) Congress is about to take its biggest step yet to bolster cybersecurity, but privacy advocates fear it could expand surveillance

9 ways business will benefit from Congress' tax and spending deal (The Business Journals) Congress is closing the year with a bang: Two bills, totaling more than 2,200 pages, that fund the federal government and extend various tax breaks that are important to individuals and businesses

Private Sector Hack-Backs and the Law of Unintended Consequences (Center for Democracy and Technology) Congress is considering legislation to authorize companies to use countermeasures against cyber attacks. However, the legislation could undermine cybersecurity by authorizing victims to "hack back" and cause harm to a third party

U.S. Cyber Commands Launches 13 New Cyber Protection Teams (Government Technology) Federal cyber protection efforts grow this month with new soldiers being deployed across the nation to protect America's digital borders

National Security Agency to Unveil Workforce Restructuring in January (Government Executive) Come January, employees of the National Security Agency will see the fruits of a 10-month "director's charge" review of the top-secret organization's structure, its leader, Adm. Mike Rogers, said on Tuesday night

Air Force closes in on new directive for IT governance (FCW) Air Force officials are drafting a directive that would update the role of the CIO, more clearly aligning it within the service's broader organizational structure, according to a spokesman

The 'electronic Pearl Harbor' (Politico) Eighteen years ago I was the first to use that term publicly. It was the wrong analogy then. Not anymore

The Black Chamber (Economist) The man who made Edward Snowden inevitable

Litigation, Investigation, and Law Enforcement

Brazilian Judge Shuts Down WhatsApp And Brazil's Congress Wants To Shut Down The Social Web Next (TechCrunch) A judge in Sao Paulo has ordered WhatsApp to shut down for 48 hours, starting at 9pm Eastern tonight

Facebook, Google and Twitter agree to German demand to delete hate speech within 24 hours (Naked Security) Facebook, Twitter, and Google have agreed with Germany and will delete hate speech from their services within 24 hours to fight a rising tide of online racism

B.C. government IT systems vulnerable: AG (CBC News) Government risks loss of public trust to safeguard data, says auditor general

Fewer Resources Meets Emerging Technologies: Examining the Next Big Cybercrime (Legaltech News) Panelists at ALM cyberSecure say that the nature of cyber attacks — and how the government defends against them — is shifting

Financial crimes threaten global economy (GhanaWeb) The Director of Public Prosecutions of the Federation (DPPF), Federal Ministry of Justice, Mr. Mohammed Saidu Diri has said that organised crimes and financial crimes are the major threats to the global economic system

Teen Steals $150,000 by Hacking Into Airline's Website (Yahoo! Travel) Most teenagers make money by flipping burgers at McDonalds

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

Upcoming Events

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

cybergamut Tech Tuesday: The Threat Landscape and the Path Forward: Fundamentals of a Risk-Aware Organization (Elkridge, Maryland, USA, January 5, 2016) John McLaughlin of IBM Security provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention will be paid to the protocols engaged,...

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer...

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...
