skip navigation

More signal. Less noise.

Daily briefing.

ISIS sympathizers resurface with some cyber vandalism of a Georgian ministerial website devoted to EU and NATO integration.

Speaking of ISIS, the terror group draws a surprising comparison from the Daily Beast, which argues that the Caliphate's information operations template was established by Mexican drug cartels. One notes with interest that Mexico is the largest single Hacking Team customer revealed in this week's leaked documents.

The fallout from the Hacking Team breach continues, most seriously in the form of a Flash vulnerability the leaks expose. Cyber criminals, who've already integrated it into the well-known Angler, Neutrino, and Nuclear exploit kits, are now exploiting that vulnerability in the wild. A Flash patch from Adobe is expected hourly; in the meantime security analysts recommend disabling Flash.

Security companies Kaspersky and Symantec identify and describe an attack group variously known as "Morpho" and "Wild Neutron." Apparently a criminal as opposed to a state-sponsored operation (although it's early) Morpho is suspected of intrusion into corporate networks and of specifically targeting physical security systems.

CoreSecurity says it's found a vulnerability in AirLive security cameras.

Android devices are again in the crosshairs of malware developers: new adware and a malicious Nintendo game emulator are among the fresh exploit bait. Dark Reading previews some proofs-of-concept expected at BlackHat.

United Airlines suffered a system-wide issue with support software (flight safety was unaffected) that grounded many passengers this morning.

Australia may soften cyber export-control rules as its government thinks through their consequences. US debate on backdoors and encryption continues.


Today's issue includes events affecting Australia, Azerbaijan, Bangladesh, Bulgaria, China, Egypt, European Union, Finland, Georgia, India, Iraq, Italy, Democratic Peoples Republic of Korea, NATO, Netherlands, Russia, Sudan, Syria, United Kingdom, United States.

Amid a lot of social media panic, is news that the New York Stock Exchange has suspended trading for technical reasons. Early indications are that there's no sign of cyber attack, but of course this bears watching.

Cyber Attacks, Threats, and Vulnerabilities

NYSE floor trading halted; no sign of cyberattack (CNBC) Trading in all symbols was halted on the New York Stock Exchange floor Wednesday due to an apparent technical issue. The NYSE tweeted that there was no sign of a cyberattack

Website of Ministry for Euro-Atlantic Integration of Georgia, NATO Hacked by ISIS Hackers (HackRead) The ISIS hackers just hacked a high-profile website funded by the European Union

What ISIS Learned From the Cartels (Daily Beast) Social media. Beheadings. Dogma. Empty promises. ISIS is copying the Mexican cartel playbook to a T

Pizza Hut Israel Website Hacked with a Warning for Indian Government (HackRead) You've seen us posting news about pro-Palestinian hackers targeting Israeli sites or vice versa, but did you ever think of Bangladeshi hackers targeting Israeli website to post a message against India? Well, it happened today

Flash malware that gives you a free security update (Naked Security) After a quiet period where you might have thought that cybercrooks had given up on Flash, Adobe's browser plugin is back in the news

Hacking Team Flash Zero Day Weaponized in Exploit Kits (Threatpost) Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team

Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals (Forbes) In recent years, crypto luminary Bruce Schneier has noted that today's surveillance tools are tomorrow's cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days — unpatched and previously-unknown software vulnerabilities — is being exploited by crooks

Turn FLASH OFF NOW until the patch comes: Hacking Team exploit is in the wild (Register) It's out there and you're wide open to it until tomorrow

Hacking Team, the Surveillance Tech Firm, Gets Hacked (Wall Street Journal) A company that sells software allowing governments to hack into computers has itself been hacked, and files posted late Sunday indicate it sold surveillance technology to dozens of countries, including Sudan, Egypt, Russia and the U.S

Mexico Is Hacking Team's Biggest Paying Client — By Far (Vice) Mexico is by far the biggest paying client of Hacking Team, the Italian cyber-surveillance firm now at the center of a massive hack of its internal data, documents show

Hacking Team scrambling to limit damage brought on by explosive data leak (Help Net Security) Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies?

Behind the curtain of the Hacking Team hack (CSO) The world watched on as Hacking Team was publicly stripped and flogged — virtually at least — over the last couple days. My colleague Steve Ragan covered the unfolding events in exquisite detail and today the dust continues to settle as we sift through the 400GB of leaked data and find the salacious, juicy tidbits

Meet the hackers who break into Microsoft and Apple to steal insider info (Ars Technica) Almost 50 companies have been hacked by a shadowy group

Flaw allows hijacking of professional surveillance AirLive cameras (Help Net Security) Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive's surveillance cameras designed for professional surveillance and security applications. He was able to invoke some CGIs without authentication, while backdoor accounts allowed him to execute arbitrary OS commands on the device

Android malware masquerades as Nintendo game emulator (IDG via CSO) A new family of Android malware adds insult to injury by making users pay for the data-stealing application

Gunpoder Android Malware Hides Malicious Behaviors in Adware (Threatpost) A stream of new Android malware infections is sounding a harsh tone on two fronts: hackers are making free and open source applications their own; and legacy security software needs to step up detection of adware behaving maliciously

6 Emerging Android Threats (Dark Reading) A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month

Whoa! Nearly 5,000 new Android malware samples discovered each day in Q1 2015 (Graham Cluley) A security firm has revealed that nearly 5,000 unique Android malware files were created each day during the first quarter of 2015

Profiling and Investigating Abnormally Malicious Chinese Autonomous Systems With WEBINT (Recorded Future) CHINANET AS 23650 in Jiiangsu province is part of a highly modern TIER 4 network owned by China Telecom, claimed to be the world's largest. We compare CHINANET AS 23650 to other autonomous systems part of CHINANET as well as additional independent autonomous systems. By comparison, AS 23650 is abnormally malicious over time, with some co-occurring activities in adjacent CHINANET infrastructure. We identify the likely location of the problematic activity. We find indications that third-party hosters with less than great reputation, such as MangoNet, are selling capacity on CHINANET, and hence potentially polluting the CHINANET infrastructure

Hacker attacks gambling websites, demands Bitcoin ransom ( A hacker shut down four New Jersey Internet gambling sites for half an hour last week and threatened more cyberattacks over the holiday weekend unless a ransom was paid using the online currency Bitcoin, authorities said Tuesday

Another system-wide computer glitch grounded United Airlines this morning (Quartz) Travelers with tickets for United Airlines flights were stopped cold at US airports this morning, due to a system-wide computer glitch. Starting around 7:30 am ET, passengers were unable to check in for their flights and all United planes not currently in the air were grounded. The Federal Aviation Administration said the cause was "automation issues"

Security Patches, Mitigations, and Software Updates

Warning over Adobe Flash vulnerability revealed by Hacking Team leak (Guardian) Tech company promises patch within a day for major new flaw uncovered by leak of 400GB of documents from hacking firm

Adobe to Patch Hacking Team's Flash Zero-Day (KrebsOnSecurity) Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks

CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating (ISC Knowledge Base) An attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause that resolver to fail an assertion and terminate due to a defect in validation code

Cyber Trends

All Information Security Is Cyber Security. All Information Security Must Change. (SecurityWeek) Cyber security is a nation-first, vendor-second issue. Recent events have frighteningly underscored the requirement to fundamentally rethink our approach to information security lest our economy, our very way of life suffer drastically

GAO: Financial Orgs Need Better Security Analytics and Threat Intelligence (Dark Matters) A new report from the U.S. Government Accountability Office (GAO), which sought to determine the efficacy of security audits for banks, thrifts, and credit unions, found that gaining access to actionable threat intelligence is "challenging" for financial institutions


The Role of the Board In Cybersecurity: 'Learn, Ensure, Inspect' (Dark Reading) Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk

Symantec reportedly close to selling Veritas to Carlyle for $7B-$8B; SYMC +2.7% (Seeking Alpha) Bloomberg reports Symantec (NASDAQ:SYMC) is "nearing a deal" to sell its Veritas storage software unit (currently set to be spun off) to P-E firm Carlyle (NASDAQ:CG) for $7B-$8B. For reference, Symantec closed today with a $15.4B market cap

Dashlane bullish about the future despite LastPass hack (ComputerWeekly) Password management firm Dashlane is confident its business model will evolve and continue to be relevant even if passwords eventually disappear

Hacking Team Plans to Continue Operations (Threatpost) It has been absolutely brutal week for Hacking Team. All of the company's documents, internal communications, emails with customers, and invoices have been published, including its dealings with oppressive regimes and customers in sanctioned countries. But even with all that, company officials said they have no plans to cease operations, even as they're asking customers to stop using their surveillance products for the time being

Days after Hacking Team breach, nobody fired, no customers lost (Ars Technica) Eric Rabe: "The company is certainly in operation, we have a lot of work to do"

Microsoft announces 7,800 layoffs and will write down $7.6 billion from Nokia (Quartz) Microsoft announced today it would cut up to 7,800 positions, primarily from its Nokia mobile phone business, and will write down $7.6 billion related to its purchase of Nokia. Microsoft's 2013 acquisition of Nokia — one of former CEO Steve Ballmer's last big plays — increasingly looks like a mistake

Products, Services, and Solutions

Comparing the top security analytics tools in the industry (TechTarget) Expert Dan Sullivan examines the top security analytics products to help readers determine which may be best for their organization

Technologies, Techniques, and Standards

IEEE group recommends random MAC addresses for Wi-Fi security (CSO) The Wi-Fi protocol needs to be updated to use randomly generated MAC addresses for better security and privacy

SEBI Issues Risk Framework Guidelines (BankInfoSecurity) Experts: take a holistic approach to risk assessment

6 Encryption and Cryptography Pitfalls to Avoid (Information Management) When it comes to data security, many pundits point to cryptography and encryption as cure-alls that can safeguard structured and unstructured data

8 penetration testing tools that will do the job (CSO) If the probability of your assets being prodded by attackers foreign and domestic doesn't scare the bejesus out of you, don't read this article. If you're operating in the same realm of reality as the rest of us, here's your shot at redemption via some solid preventive pen testing advice from a genuine pro

Web monitoring software helps keep employees honest (TechTarget) Web monitoring software can block use of Facebook and HBO at work, but also raises privacy concerns

Social media etiquette for Jim Carrey (and everyone else) (Naked Security) Actor Jim Carrey has apologized for tweeting the photo of a child with autism and tuberous sclerosis without asking for permission from the boy's parents

Design and Innovation

Twitter's New AI Recognizes Porn So You Don't Have To (Wired) Clément Farabet deals in artificial intelligence. As a research scientist at New York University, he built brain-like computing systems that identified objects in photos and videos, and then he launched a startup where he did much the same thing. He and his co-founder called it Madbits, and 18 months later, Twitter snapped it up


Illinois' Elite Cybersecurity Talent to Participate in U.S. Cyber Challenge Camp & Competition at Moraine Valley Community College (US Cyber Challenge) USCC endeavors to close the cybersecurity workforce gap

Legislation, Policy, and Regulation

DigiLocker Storage Service Launched (BankInfoSecurity) First new offering under Digital India Initiative

Home Office kept schtum on more than 30 data breaches last year (Register) More non-reported incidents; fewer actual reported incidents. Trebles all round!

Oz Defence Dept 'not punitive' with crypto export controls (Register) David Hook of Bouncy Castle fame, says consultations are hosing down fears

CSAIL report: Giving government special access to data poses major security risks (MIT News) Whether "backdoor" or "front-door," government access imperils your data, report authors say

Law enforcement backdoors open corporate networks to criminals (Network World via CSO) Legal access to secure communications will result in more risk for corporate secrets

FBI Director Comey's false dilemma: "ban encryption or accept terrorism" (Conversation) James Comey, Director of the FBI is the latest to add his voice to the call for a ban on the use strong encryption. In a blog post, Comey outlines the potential costs to public safety that come with security services not being able to intercept communications. In particular, he uses the threat of ISIL (ISIS) recruiting "troubled" US citizens and convincing them, over encrypted messaging apps, to "kill people"

Even Einstein Couldn't Fix Cybersecurity (GovTech) The Einstein and Continuous Diagnostics and Mitigation cybersecurity programs have been hailed as the cornerstone of repelling cyberthreats in real-time — but it turns out this is not actually the case

Hillary Clinton: Cyber Legislation in Congress Is 'Not Enough' to Stop Foreign Hackers (National Journal) "It's not only the Chinese. We know that other governments — Russia, North Korea, Iran — have either directly or indirectly sponsored hacking"

CHIME calls for dropping federal prohibition against unique patient identifiers (FierceGovHealthIT) The College of Healthcare Information Management Executives, or CHIME, has made recommendations to Congress that the industry group says can improve health information exchange, electronic health records and other health IT technical challenges

Archives clears up FOIA website confusion (FierceGovernment) With the launch of the openFOIA website last month, the National Archives and Records Administration has laid out what information requesters and Freedom of Information Act office workers can get from the three main FOIA-related federal websites

Litigation, Investigation, and Law Enforcement

Dutch MEP whacks Hacking Team over embargo-busting (Register) We need to talk about Sudan and human rights

NSA actually snooped on criminals (FierceITSecurity) I know what you are thinking. Not another leak by Edward Snowden about how the National Security Agency is violating the privacy rights of individuals and world leaders. Well, guess what. The NSA actually used its all-pervasive surveillance technology to target criminals launching distributed denial-of-service attacks and exchanging data on criminal activities in hacker forums

Former attorney general calls Snowden deal possible (IDG via CSO) The "possibility exists" for the U.S. Department of Justice to cut a deal that would allow surveillance leaker Edward Snowden to return to the U.S., a former attorney general said in a media interview

No jail for Lizard Squad member guilty of 50,700 cybercrime charges (Naked Security) A 17-year-old member of notorious hacking gang Lizard Squad has escaped jail time, despite being convicted of 50,700 computer crime charges

Tax fraudster who hacked accounting firms pleads guilty in US court (Naked Security) A Bulgarian hacker admitted on Monday his involvement in a $6 million tax fraud scheme using personally identifiable information stolen from the networks of several accounting firms

Judge overturns conviction of Goldman Sachs programmer for stealing code (Naked Security) In a case that illustrates just how sticky it can be to prosecute insider crime, the US Supreme Court on Monday dismissed the second criminal conviction of a former Goldman Sachs programmer who copied 32MB of what he claimed was open-source code

14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil) (Geek Slop) Before discoursing the lengthy analysis of the Dark Web honeypots (there were three), let's answer the question that is surely on everyone's mind — did the honeypot allow me to reveal the true identity of the person visiting the Tor site? In many cases enough evidence was gathered to provide a pretty good guess or at least a good launching point for identification of the person that visited the site. Surprisingly, in some cases, the identity of the person was undeniably revealed and included the person's name, unique personal computer footprint, and true external IP address (see partial data example above). And to answer the second question, "no", this did not require the placement of malicious malware

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

Upcoming Events

Securing Your Digital Assets (New York, New York, USA, July 14, 2015) Privacy and data security are a growing concern across all industries, and any breach of corporate or personal digital assets threatens financial and reputational harm. With all of the news and educational...

National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, July 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

SINET 16 Application Deadline (San Francisco, California, USA, July 17, 2015) Innovative solutions frequently come from new and small companies. Our goal is to provide entrepreneurs from all over the world an opportunity to increase their product awareness to a select audience of...

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

International Symposium on Forensic Science Error Management (Washington, DC, USA, July 20 - 24, 2015) The symposium will give forensic science practitioners and researchers from around the world the opportunity to discuss best practices for identifying and reducing errors in forensic science laboratories.

The APTs are coming (New York, New York, USA, July 21, 2015) With cyberespionage and Advanced Persistent Threats (APTs) on the rise, it's important to understand today's threat landscape-and the ways you can keep your company safe. Join LIFARS, Kaspersky Lab, Cyphort,...

Cyber Risk Wednesday: Rethinking Commercial Espionage (Atlantic Council: Brent Scowcroft Center on International Security, July 29, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on July 29 from 4:00 p.m. to 5:30 p.m. for a discussion on new ideas on commercial cyber espionage and intellectual property theft

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...

Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, July 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers

PragueCrunch IV: The Enpraguening (Prague, Czech Republic, July 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, August 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only environment. Membership is by...

BSides Las Vegas (Las Vegas, Nevada, USA, August 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.