skip navigation

More signal. Less noise.

Daily briefing.

ISIS has shown dismayingly effective information operations online and (especially) in social media. Observers see signs it may be acquiring broader, more sophisticated espionage and attack capabilities as well — ISIS isn't by any stretch the DPRK "city killer" of recent imagination, but its reach is growing. Note that June 29 is reckoned the Caliphate's anniversary: security specialists suggest increased vigilance as that date approaches.

Israeli cyber operators report a Hezbollah cyber campaign more advanced than any the group has hitherto undertaken.

Lawfare offers interesting speculation on the alleged Stuxnet whiff on Pyongyang's nuclear program.

A hacktivist group calling itself "Unicorn Nocturne" claims (in what Lawfare would probably call a "thinly sourced" story) to have pwned the security organs of the Chinese Communist Party.

Airbus confirms that flawed engine control software brought down the A400M destined for Turkey.

ESET tracks new variants of the Linux/Moose malware family, these designed not only for DDoS, but also to goose social media stats.

The IRS post mortems continue as revenue agencies look to avert return fraud as observers note how PII compromises cascade from enterprise to enterprise. Bay Dynamics CEO Rifai draws some lessons on the importance of detecting anomalous behavior. EY expert Remnitz outlines the coming trends in cyber crime.

The Japan Pension Service is also compromised.

The next moves on US surveillance policy now rest fully with Congress.

Some wonder if crooks scamming crooks in cyber black markets is karma. We prefer to see it as a smack-down by the invisible hand.


Today's issue includes events affecting Australia, China, European Union, France, Iraq, Israel, Japan, Palestine, Russia, Spain, Syria, Turkey, United Nations, United States.

The CyberWire will be in Northern Virginia this Wednesday, reporting from TechExpo's DC Metro Cyber Security Summit.

Cyber Attacks, Threats, and Vulnerabilities

A Deadly Mistake: Don't Underestimate ISIS in Cyberspace (National Interest) The nature of ISIS's online presence is intended to do three things. Firstly, and most importantly for the longevity of its existence, it's intended as a mechanism to attract and recruit members to its ranks. Secondly it's a means through which ISIS aims to strike fear into the hearts of all that come across its frequently gruesome propaganda. Both objectives are well documented, but a third dimension to the ISIS presence online is emerging: their attempts to use cyberspace for offensive purposes

Cyberattack tied to Hezbollah ups the ante for Israel's digital defenses (Christian Science Monitor Passcode) A sophisticated malware campaign recently discovered by an Israeli firm has been linked to Hezbollah, suggesting that the militant group has more advanced technological skill than previously thought

The Failed North Korean Cyber Attack (Lawfare) According to this report from Reuters, the Unites States tried, but failed, to implant a Stuxnet-like virus within the North Korean nuclear weapons program operating system. The effort failed due, it is said, to North Korea's extreme isolation of its communication system. What are we to make of this report (which, I hasten to add, is lightly sourced — much more lightly than, say, the original New York Times piece outing Stuxnet) assuming it is true?

Chinese Hackers Steal Data From Powerful Party Security Agency (Epoch Times) Most Chinese hackers usually seem to work for the state in one way or another, pilfering the commercial secrets of companies abroad and feeding them back to state-run firms. But another group is instead targeting the Chinese Communist Party itself

Airbus confirms software configuration error caused plane crash (Ars Technica) Airbus A400M flight recorder data confirms "quality issue" in setup caused failure

Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit (Palo Alto Blogs) What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it

ESET uncovers new Linux/Moose malware threat (SecurityWatch) Security specialists ESET has discovered a new threat from the Linux/Moose malware family that is generating fake activity on social networks, the company announced today

New remote exploit leaves most Macs vulnerable to permanent backdooring (Ars Technica) Hack allows firmware to be rewritten right after Macs made before mid-2014 sleep

Ransomware creator apologizes for 'sleeper' attack, releases decryption keys (NetworkWorld) Criminal with a soft spot relents on successful Locker ransomware campaign and offers free decryption for victims. Refunds don't appear to be coming, however

XSS flaw exposed in IBM Domino enterprise platform (ZDNet) A cross-site scripting vulnerability, allegedly ignored by IBM, has been revealed in the public domain

DYRE Banking Malware Upsurges; Europe and North America Most Affected (TrendLabs Security Intelligence Blog) Online banking users in Europe and North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others

Researchers: Hola Fixes Incomplete (Threatpost) Hola, a popular, free, peer-to-peer service that enables anonymous surfing and access to blocked online resources, said today it has patched vulnerabilities discovered last week that expose its millions of users to possible code execution, remote monitoring and other threats to privacy and security

Hola! TV geo-block botters open bug bounties (Register) Bot shop's security chop shot

IRS Using 13-Yr. Old Microsoft Software (Fox Business) IRS computers are still running the 13-year old Microsoft (MSFT) Windows XP operating software which Microsoft stopped supporting a year ago with security updates

Why IRS breach is bigger than you think: Frank Abagnale (CNBC) The data breach involving IRS files affects many more people than taxpayers think, conman-turned-consultant Frank Abagnale said Monday

IRS breach shows the importance of PII security (TechTarget) A breach of the IRS' Internet tax form service "Get Transcript" exposed the personal information and tax filings of thousands of people

IRS Data Breach — A 'Teachable Moment' for Government Agencies (Legal Tech News) Internal reports show that cybersecurity budgets within the IRS were insufficient and the fallout of failure could change its priority in government organizations

States Seek Better Mousetrap to Stop Tax Refund Fraud (KrebsOnSecurity) With the 2014 tax filing season in the rearview mirror, state tax authorities are struggling to incorporate new approaches to identifying and stopping fraudulent tax refund requests, a $6 billion-a-year problem that's hit many states particularly hard this year

Seeing Through the Outsider's Insider Mask: Reflections on the IRS Breach (The CyberWire) We spoke with Bay Dynamics CEO Feris Rifai on the lessons he thinks we can draw from the breach of the US Internal Revenue Service's "Get Transcript" service

The Future of Cyber Crime, and What Enterprises Can Do About IT (The CyberWire) The CyberWire was able to hear David Remnitz speak at 2015's inaugural Billington Corporate Cybersecurity Summit in New York. We caught up with him after the conference to discuss the future of cyber crime, and what enterprises can do about it

A Look at the Real Social Engineers (Tripwire: the State of Security) Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating

3 Lessons From Heartland Breach The Second Time Around (Dark Reading) While not even a drop in the bucket compared to its last breach, Heartland's exposure this week does offer some lessons to the security community

Hackers stole personal info of over a million of Japanese pensioners (Help Net Security) Personal information of some 1.25 million of Japan's pensioners has been compromised and some of it was leaked following a successful breach of Japan Pension Service's computer systems

Hackers Expose 49% of FT 500 Europe (Recorded Future) Recorded Future analysis identified recent employee credential exposures for at least 49% (244) of the FT 500 Europe, a Financial Times listing of Europe's largest companies

Woolworths' Self-Inflicted Breach A Clear Example Of Insider Negligence (Dark Reading) Australian grocer sent master spreadsheet of customer information and redeemable codes for thousands of gift cards to hundreds of customers

Social media gives clues to security questions (USA TODAY) What was your high school mascot?

SourceForge locked in projects of fleeing users, cashed in on malvertising [Updated] (Ars Technica) "Hotel California" of code repositories lets you check out, but you can never leave

Keep My Opt-Outs, the Google Chrome privacy extension, hasn't been updated for years (Graham Cluley) Many internet users aren't too keen on being tracked by ad-tracking cookies as they surf the web

Are hackers experiencing karma in the Underground Economy? (HackRead) The underground economy is a large group of websites that make it possible for hackers and fraudsters to trade illegal services and stolen goods such as credit card and online account credentials

Security Patches, Mitigations, and Software Updates

Facebook just made a move that will infuriate law enforcement (Business Insider) Facebook has announced it is letting users add encryption keys to their profiles and opt in to have notification emails sent in an encrypted format

New Google My Account Manages Privacy, Security Settings (Threatpost) Less than a week after announcing some welcome changes that keep Android mobile app permissions in check, Google on Monday announced a new privacy and security settings tool

Cyber Trends

Security vendors guilty of virtualization 'gap' (Channelnomics) Partner says security vendors lack in securing customers moving to cloud

3 Reasons IT Security Breach Costs Keep Rising (MSPMentor) Last week the Ponemon Institute rolled out the results of yet another Global Cost of Data Breach report and, surprising very few people in the security world, the stats show costs rising again

Over 12,000 DDoS Victims Recorded in First Quarter of the Year (Softpedia) Longest assault lasted for about six days

Phishing study finds major brands heavily targeted, niche sites also at risk (Naked Security) Phishing experts at the Anti-Phishing Working Group (APWG) have released their latest global survey, revealing the latest trends observed in the second half of 2014

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work (First Post) Blue Coat Systems, Inc., enterprise security solution provider, revealed the results of a global research study of 1580 respondents across 11 countries that highlighted a global trend of employees ignoring cyber risks while at work

Are some reading the Verizon breach report?s mobile section all wrong? (CSO) "Mobile malware is not a problem." "Enterprises, ignore mobile threats; they're not there." "You're more likely to be struck by lightning than by mobile malware"

Can Tweeters be tamed? (Christian Science Monitor) In an age of uncivil social media, a simple tweet can bring a torrent of threats and taunts. Can anything be done to stop the 'trolls?'


A fundamental shift in security spending (Help Net Security) Firms are shifting their cyber security spend away from traditional Prevent & Protect approaches towards Detect & Respond operations, according to Pierre Audoin Consultants (PAC)

Confusion regarding strategic defenses for network security (Help Net Security) RedSeal uncovered a high level of confusion regarding security issues in the network infrastructure. Nearly 60% of the 350 C-level executives surveyed believe they can "truthfully assure the board beyond a reasonable doubt" that their organization is secure, a surprising show of confidence in an environment where many reports reveal a high incidence of network breaches in up to 97% of all companies

Execs admit 'blind spots' hurt network security: report (ZDNet) The majority of C-level executives say it is impossible to protect what they cannot fully see or understand

CSO's CISO Executive Career and Leadership Success Guide (CSO) What CISOs need to know to adapt and succeed

Cyber Security And The CIO: Changing The Conversation (InformationWeek) Do CIOs have an inherent conflict of interest when it comes to security? What should be their InfoSec involvement?

Cyphort Raises $30 Million in Series C Funding Led by Sapphire Ventures (Street Insider) Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, today announced it has secured $30 million in Series C funding

French connection creates web content mining powerhouse (BusinessWeekly) A new powerhouse in web content mining, with a particular edge in cyber security, has been created by an all-French acquisition

HP ConteXtream acquisition complements open NFV work (TechTarget) Hewlett-Packard's acquisition of ConteXtream is likely to bring a number of valuable features to HP's upcoming open NFV products

Elastica snaps up Exclusive Networks (ChannelPro) Exclusive to develop channel for cloud app security vendor Elastica

Key Cisco executives to step down alongside John Chambers (ComputerWeekly) Cisco's COO and sales chief are both understood to be leaving as Chuck Robbins takes over as CEO from John Chambers in July

Hexis Cyber Solution's Katherine Russ-Hotfelter Named to 2015 CRN Women of the Channel List (Nasdaq) Russ-Hotfelter recognized second year in a row for strategic leadership

Centrify's Holly Adams Named to 2015 CRN Women of the Channel List (BusinessWire) Centrify Corporation, the leader in unifying identity management across cloud, mobile and data center, today announced that Holly Adams, head of channel marketing for Centrify, has been named to The Channel Company's prestigious 2015 CRN® Women of the Channel

Products, Services, and Solutions

Security Watch: HP and FireEye team up for threat detection (CSO) HP and FireEye have announced a partnership to make incident response, compromise assessment and threat detection offerings available to HP Enterprise Services' most strategic clients globally

Wearable security: Authentication apps for Apple Watch (Macworld) The Apple Watch could become our central hub in a wheel of identity, in which all spokes rotate around our wrist

Light Point Security Provides Safe Downloads with Metascan (Benzinga) Light Point Web uses Metascan to scan downloads with 40+ anti-malware engines to provide users with advanced threat protection

BalaBit Announces Availability of Update to Its Flagship Product Shell Control Box (Sys-Con Media) New version of BalaBit's Privileged User Management Solution features focuses on PCI DSS compliance requirements

Fortinet Unveils New FortiGuard Mobile Security Subscription Service (Channel EMEA) Reinforces company's commitment to helping enterprises of all sizes deploy, manage and secure networks in a mobile era

Radware Launches New Device Fingerprinting Technology to Mitigate Malicious Bot Attacks (Dark Reading) Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud and software defined data centers, today announced enhanced protection from threats posed by advanced bots through its Attack Mitigation System

Technologies, Techniques, and Standards

Experts divided on security implications of DOJ's deal with Box (CSO) Security experts are divided about the U.S. Department of Justice's decision to use Box

The challenges of data classification (Help Net Security) We are living in a data driven society with globalizing economies, data transfer, and ubiquitous access to everything from everywhere

How to reduce the risk of social engineering attacks (ComputerWeekly) Implement simple checks to reduce the risk of the main types of social engineering attacks

Which malware lures work best? (Help Net Security) More often than not, malware peddlers' main goal is to deliver their malicious wares to the maximum number of users possible. Choosing the right lure is crucial to achieving that goal

Detecting Lateral Movement (Windows Incident Response) Almost two years ago, I posted this article that addressed how to track lateral movement within an infrastructure. At the time, I'd been using this information successfully during engagements, and I still use it today

Protecting Client Data: Shoring Up Information Security at Law Firms (Duo Security) According to Marsh's 2014 Global Law Firm Cyber Survey published early this year, nearly 80 percent of law firms consider cyber security and privacy to be one of their firm's top 10 risks, but 51 percent said they have not taken measures to reduce cyber risk

Don't get distracted in the cyberbattle (CSO (Australia)) Telstra's CSO Mike Burgess says it's critical to avoid distractions when fighting against cybercriminals

Design and Innovation

How the Tech Behind Bitcoin Could Stop the Next Snowden (Wired) The National Security Agency knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn't know is just how much information the whistleblower took with him when he left

Russian billboard advertising contraband hides when it recognises cops (Naked Security) Moscow's Don Giulio Salumeria promises "small islands of warm and sunny Italy," offering authentic Italian prosciutto, ricotta, mozzarella and tiramisu for sale in the cold lands of Russia

Cookie warnings: Useless and bad for security? (Help Net Security) Cookies are the official and standard and preferred way of keeping state in the (otherwise) stateless HTTP protocol

Research and Development

Battle alien invaders, explore kingdom of monsters to help DARPA find software bugs (FierceGovernmentIT) The Defense Advanced Research Projects Agency, or DARPA, released a new set of publicly accessible online games designed to crowdsource analysis of software applications to test their security


Cybersecurity Program Launches in Kansas City (Webster Today) The new Kansas City metro location at 10450 Holmes Street has about 19,000 square feet designed to encourage collaboration among students and faculty

Legislation, Policy, and Regulation

At first-ever conference, UN takes aim at cyber-threats against nuclear safety (UN News Centre) The international community must intensify efforts to protect the world's nuclear facilities from cyberattacks, the head of the United Nations nuclear watchdog declared today

Either way, no more NSA collection of U.S. phone records (MIlitary Times) However Congress resolves its impasse over government surveillance, this much is clear: The National Security Agency will ultimately be out of the business of collecting and storing Americans' calling records

Patriot Act provisions lapse: Is the U.S. less safe today? (CBC) Opinions are mixed on whether expired provisions of the Patriot Act will put U.S. security at risk

Why the US Patriot Act's expiration is so dangerous (Telegraph) The non-renewal of the Patriot Act limits the reach of the US intelligence community in a time when their service is needed more than ever

Sunset of Section 215 Means All Eyes on USA Freedom Act (Threatpost) The sun may have set at midnight on Section 215 of the PATRIOT Act, putting a temporary halt to the NSA's bulk collection of phone call metadata, but privacy champions and legal experts point to May 7 as the day the lights dimmed on that facet of the government's surveillance efforts

With sections of Patriot Act expired, attention focuses on surveillance reform bill (Christian Science Monitor Passcode) The Senate is expected to begin debating the USA Freedom Act as early as Monday afternoon. Yet both privacy advocates who oppose NSA phone records collection and security hawks object to the bill for different reasons

Opinion: Why Congress should not pass USA Freedom (Christian Science Monitor Passcode) While it has been hailed as a surveillance reform bill, the USA Freedom Act would immediately ramp back up the collection of billions and billions of records about our everyday actions

Don't (Just) Let the Sun Go Down on Patriot Powers (Motherboard) A handful of provisions of the sprawling USA Patriot Act are now all but certain to at least temporarily expire at the end of the month, including the controversial section 215, the basis of the National Security Agency's notorious bulk telephone records dragnet

Newly Declassified Documents (IC on the Record) Today we've added newly declassified documents to two prior posts: The Department of Justice Releases Additional Documents Concerning Collection Activities Authorized by President George W. Bush Shortly After the Attacks of September 11, 2001 — Published December 12, 2014; Release of Documents Concerning Activities under the Foreign Intelligence Surveillance Act — Published March 3, 2015

Congress: US military highly vulnerable to cyber attacks (Fox News) Congress wants the Pentagon to spend more than $200 million to identify holes in U.S. weapons and communications software that could allow foreign militaries to disrupt or defeat advanced arms in cyber attacks

EPA must tackle several cybersecurity issues to deal with persistent threats, watchdog says (FierceGovernmentIT) With advanced persistent cyber threats continuing to pose a challenge, the Environmental Protection Agency needs to make some tough choices on where it can spend its limited security budget to make the most impact, according to a recent report by the agency's watchdog

Defending the Cyber Nation: Lessons from Civil Defense (War on the Rocks) If you grew up during the Cold War, as we both did, you probably remember all sorts of ways that we prepared for the possibility of a nuclear attack

Japan and the United States to Deepen Cybersecurity Cooperation (Diplomat) The growing threat of digital attacks moves Washington and Tokyo closer together in trying to secure cyberspace

Litigation, Investigation, and Law Enforcement

Cyber criminals cashing in on digital currencies (ITProPortal) In the digital age, money is rapidly evolving into lines of computer code which can easily be hacked, ransomed or stolen by organised criminal gangs (OCGs)

If lax security leads to a data breach, your insurer may not pay out (Lumension) It all started with the kind of story that we're sadly all too familiar with

Proposed rule change to expand feds' legal hacking powers moves forward (Ars Technica) Change would allow one judge to authorize "remote access" basically anywhere

Proving an Online Threat Is a Threat Just Got a Lot Tougher (Wired) On Monday, the Supreme Court overturned the 2011 conviction of Anthony Elonis, a Pennsylvania man who was sentenced to jail time for writing a series of threatening Facebook posts

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Gartner Security & Risk Management Summit (National Harbor, Maryland, USA, June 8 - 11, 2015) Gartner Security & Risk Management Summit 2015 provides you with best practices and strategies so you can maintain cost-effective security and risk programs in order to support digital business and drive...

Cornerstones of Trust 2015 (San Mateo, California, USA, June 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been...

Upcoming Events

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...

International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

School on Computer-aided Cryptography (College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing...

AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...

NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, June 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and...

ASIA (Annual Symposium on Information Assurance) (Albany, New York, USA, June 2 - 3, 2015) ASIA is an event held jointly with the 18th Annual New York State Cyber Security Conference (NYSCSC), aiming to attract researchers and practitioners alike for engaging talks about information security...

Infosecurity Europe 2015 (London, England, UK, June 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and...

Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, June 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...

7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, June 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat

Seventh Annual Information Security Summit (Los Angeles, California, USA, June 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive,...

ShowMeCon 2015 (St. Louis, Missouri, USA, June 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renown ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.