Daily briefing.

A hacker defaces a Lithuanian army site to announce (falsely, obviously, but it needs to be said) that NATO was preparing an incursion into Russia's Kaliningrad enclave, a minor episode that should nonetheless inspire thought about cyber Tonkin Gulf Incidents (as opposed to cyber Pearl Harbors).

Al Qaeda and ISIS are reported to have adopted various encryption tools to defeat the cyber surveillance the groups are under. Pakistan's government announces its intention to take on jihadist information operators, but observers doubt they've got the wherewithal to do so effectively.

The US Congress gives the Office of Personnel Management a very uncomfortable ritual grilling (its director was offered the opportunity to apologize and resign; she declined) as lessons continue to be drawn from OPM's breach. China's government still denies involvement, albeit in the context of general condemnations of hacking as such, but US investigators say they've got "high confidence" China was involved.

Received an email from Angela Merkel? It's unlikely the German chancellor is using a Polish domain.

New phone exploits are discussed. Typosquatting facilitates scareware distribution. Small businesses are being disrupted with low-tech scams.

Cyber threats to aircraft draw attention at the Paris Airshow.

Adobe patches Adobe Photoshop Creative Cloud (CC) and Bridge CC.

Practitioners share incident response and recovery advice.

Former US Department of Homeland Security Assistant Secretary for Policy Baker debunks surveillance myths, indelicately desiring their purveyors to render backdoor obeisance.

The FBI investigates the St. Louis Cardinals baseball club for alleged intrusion into non-rival Houston Astros' systems.

Notes.

Today's issue includes events affecting Australia, China, France, Germany, Indonesia, Iraq, Israel, Lithuania, Nigeria, Pakistan, Philippines, Poland, Russia, Syria, Taiwan, United Arab Emirates, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Lithuanian Armed Forces Website Hacked, Defaced with False Information (HackRead) Someone hacked the official website of Lithuanian Armed Forces and posted false information about NATO ready to attack Kaliningrad Oblast

Encryption Technology Embraced By ISIS, Al-Qaeda, Other Jihadis Reaches New Level With Increased Dependence On Apps, Software (MEMRI) Anyone can now communicate securely via an untraceable throwaway smartphone, purchased online, including on Amazon

Operation Lotus Blossom: A New Nation-State Cyberthreat? (Palo Alto Networks) Today Unit 42 published new research identifying a persistent cyber espionage campaign targeting government and military organizations in Southeast Asia. The adversary group responsible for the campaign, which we named "Lotus Blossom," is well organized and likely state-sponsored, with support from a country that has interests in Southeast Asia. The campaign has been in operation for some time; we have identified over 50 different attacks taking place over the past three years

OPM Breach Dates Back to December (Threatpost) The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM's network

Fed agency blames giant hack on 'neglected' security system (AP via NorthJersey.com) The agency that allowed hackers linked to China to steal private information about nearly every federal employee — and detailed personal histories of military and intelligence workers with security clearances — failed for years to take basic steps to secure its computer networks, officials acknowledged to Congress on Tuesday

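Data on 4 million US government employees stolen; attack said to come from China (中国搜索) Key point: "[It] is a high-value target; we hold a large volume of personnel records, which is what our adversaries want"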

What local cyber attacks? US personnel data breach not isolated event (Mandarin) The massive cyber attack against the US government is not an unusual event. Such attacks happen all the time, but victims either don't realise or refuse to share the valuable threat intelligence that is vital to the global fight against cyber attacks

German chancellor Angela Merkel's own PC hit by malware… or was it? (Hot for Security) Poor old Angela Merkel. The German Chancellor just isn't having much luck with hackers

Merkel's e-mail and other alleged hacks (Alvars Blog) Oh, an e-mail from Angela Merkel ‹noch.nicht.mal.mutti[at]irgendwo.pl›. Surely Merkel wrote that one herself. Right? No

Botnet-based malicious spam seen this week (Internet Storm Center) Botnets continually send out malicious spam (malspam). As mentioned in previous diaries, we see botnet-based malspam delivering Dridex and Dyre malware almost every day

How to hijack MILLIONS of Samsung mobes with man-in-the-middle diddle (Register) Touchscreen keyboard update leaves handsets vulnerable to remote-code execution

Phone hacking blitz hammers UK.biz's poor VoIP handsets (Register) If I ever get my hands on those phreaking kids who hacked my phones

How a bad keystroke can lead you to SpeedUpKit 'scareware' (IDG via CSO) Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit

Cybercriminal Sharpshooters: Nigerian Scammers Use HawkEye to Attack Small Businesses (TrendLabs Security Intelligence Blog) It doesn't take an advanced malware to disrupt a business operation. In fact, even a simple backdoor is enough to do it

Information-Stealing Stegoloader Malware Hides in Images (Threatpost) Malware writers aren't hesitant to do what it takes to protect a campaign and keep it hidden from detection technologies and security researchers

Finding Hacking Services and More in the Deep Web (Dark Matters) Hacking services are among the most attractive commodities in the underground market, it is possible to hire a hacker to request a "realistic" penetration test, or to pay to take over a Gmail or Facebook account for cyber espionage purpose

Reactions to the LastPass breach (Help Net Security) LastPass, the company behind the popular password management service of the same name, has announced that they have suffered a breach, and has urged users to verify their account and update their master password

Don't let the LastPass hack destroy your faith in password managers (Lumension) As has been widely reported, popular online password management service LastPass has been hacked

Study: 15-30 percent of eCommerce site visitors infected with CSIM (SC Magazine) Fifteen to 30 percent of eCommerce site visitors are infected with client side injected malware (CSIM), according to a whitepaper from Namogoo, an online security firm that monitors numerous verticals throughout the U.S. and Europe

The Ever-Evolving Cyber Threat to Planes (NDTV) Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities, including the fear that drones could be used to throw a plane off course

Be paranoid: 10 terrifying extreme hacks (CIO) Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible

Security Patches, Mitigations, and Software Updates

Adobe Releases Security Updates for Multiple Products (US-CERT) Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system

Bing to encrypt search traffic by default this summer (Computerworld) HTTPS will become the default experience for all users of Microsoft's search engine

Bing arrives better late than never to the encryption party (Bing arrives better late than never to the encryption party) Ever-the-bridesmaid Bing will finally encrypt your search data by default

Cyber Trends

The Real Fog of Cyberwar: Operational Cyber Planning (War on the Rocks) Cyber operations and strategies are assumed to be critically important to national security strategies. The United States has gone to great lengths to implement cyber planning at the national level, as well as at the operational level in the U.S. military

Our View: Cyber attack points to brave new world (South Coast Today) News this past week that the personal and personnel records of 4 million current and former federal government employees had been hacked by an Internet-based attack that appears to have originated in China may represent a perilous change in international hacking

Blog: Defense and Industry Officials Look to the Cyber Future (SIGNAL) Quote of the Day: "Write that down, everybody. Security is the business case"

Cybersecurity Industry Blame Game at RSA Conference (Network World) Contrary to tradeshow presentations, the industry has not failed cybersecurity professionals as many speakers insinuated

How trustworthy are the world's leading websites? (Help Net Security) The Online Trust Alliance (OTA) evaluated nearly 1,000 websites, grading them based on dozens of criteria in three categories: consumer protection, privacy and security

Connected Home Threatens Service Provider Data (Infosecurity Magazine) Despite reservations surrounding the risk and vulnerabilities involved in everything being connected to the internet, the emerging market of the connected home is expanding to include connected living, which combines the connected home, workspace and city. And risk is expanding with it, given the number of service providers that are stepping up to hone in on the opportunity

Marketplace

Just 11% of UK Firms Have Cybersecurity Insurance (Infosecurity Magazine) Just 11% of large and mid-sized UK organizations currently have cyber insurance, and the vast majority simply don't understand the true nature of cyber risk because they haven't assessed third party suppliers, according to a new study from Marsh

To Improve Cybersecurity, Fire Some CEOs (EnterpriseTech) Despite the amazing number of cybersecurity breaches, so far the Target CEO appears to have been the only one to pay the price. While we hear some calls for the removal of the Anthem CEO, few are talking about the main cybersecurity threat in any enterprise — the organization chart

The Undaunted Rise of the Cyber Security ETF (ETF Trends) Monday was a lousy day for U.S. stocks, but as it has a habit of doing, the PureFunds ISE Cyber Security ETF (NYSEArca: HACK) ignored the broader market's nasty tape to close higher

Medical-device, IoT hacks spurring security software boom (USA Today) The same hospital computer networks that have helped deliver medical devices to U.S. patients are now making them more vulnerable to cyberattacks

George Pedersen: ManTech Eyes Cyber, Homeland Security Markets With KCG Acquisition (GovConWire) ManTech International (Nasdaq: MANT) has acquired Reston, Virginia-based cybersecurity advisory contractor Knowledge Consulting Group for an unspecified amount

Finjan Returns to Developing and Producing Secure Products for Mobile Apps and the Consumer Market (Marketwired) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, announced its re-entry into the development and production of cyber secure products

Raytheon-Websense JV, Syntel Form Cybersecurity Alliance for Clients (ExecutiveBiz) A Raytheon-Websense joint venture has selected Syntel Inc. as an integration partner to implement the JV's cybersecurity and analytics products

Three months after $2-3M seed round, cyber startup enSilo raises $10M Series A (Geektime) How could Israeli enSilo have raised such a large A round so quickly? Here are a few explanations

SRC Launches FourV Systems to Address Growing Big Data Analytics Challenges (Inside Big Data) SRC, Inc., a not-for-profit research and development company, announced the formation of a new wholly owned subsidiary, FourV Systems, LLC. The new company will focus on providing big data analytics products that are scalable and easily customizable to customers' unique business needs

Accuvant-FishNet: Monster Merger Will Lead To Monster Growth For Optiv Security (CRN) Although the monster merger between cybersecurity giants Accuvant and FishNet Security is sucking up most of the oxygen, the deal will not derail the sensational growth both companies have been enjoying in recent years, according to Steve Perkins, chief marketing officer at Accuvant-FishNet

Dept of the Prime Minister & Cabinet signs Kaspersky for device security (Computerworld) Department using vendor's products to protect devices

Watchful Software Adds Cisco Executive Greg Akers to Board of Directors (BloombergBusiness) Watchful Software, a leading provider of data-centric information security solutions, today announced the election of prominent industry executive Greg Akers to its Board of Directors

ForeScout Adds FireEye CEO Dave DeWalt To Board Of Directors (CRN) Former Intel Security head Mike DeCesare's first call when joining ForeScout Technologies as CEO three months ago was to FireEye CEO Dave DeWalt, asking him to join the up-and-coming network security company's board of directors

Products, Services, and Solutions

Secude Announces New Version Of Halocore For Data Protection (Tom's IT Pro) Secude, a data security company specializing in SAP software security, announced a new release of its flagship product, Halocore for Data Protection

SaaS App Adoption Creates New Blind Spots for Data Leakage in the Enterprise (Information Security Buzz) Imperva Skyfence to protect against confidential data leakage for customers

Finding the hidden image in your cyber data (Federal Times) Do you remember the short lived 3-D poster craze of the mid 1990's where posters contained computer generated hidden 3-D images that you can only see after staring at it for several minutes and focusing your eyes either in front or beyond the actual image itself?

Facebook introduces "Moments" — supposedly a safer way to share photos (Naked Security) Remember Facebook Messenger?

Technologies, Techniques, and Standards

Privacy groups walk out of US talks on facial recognition guidelines (Naked Security) A 16-month effort to set guidelines for use of facial recognition technology that satisfy consumers' expectations of privacy and meet existing state laws went up in flames on Tuesday

Time to Focus on Data Integrity (Dark Reading) Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm

OPM Breach Offers Tough Lessons For CIOs (InformationWeek) While your enterprise may have a chief information security officer and a robust data governance department, CIOs and IT organizations are the ones on the front lines of protecting enterprise data. What lessons can we draw from the OPM breach?

Cybersecurity first responders give advice on data breach aftermath (CSO) Your company just got hacked. Now what?

The Regulatory Challenges of a Data Breach (Legaltech News) Lacking holistic rules, both state and federal regulators have taken up the mantle of cybersecurity regulations

Ways to Protect the U.S. Grid from Cyberattacks (Wall Street Journal: Risk and Compliance Journal) Judging by the number and type of cyber incidents reported to the U.S. Department of Homeland Security (DHS), attackers appear to be stepping up efforts to access or otherwise harm the electrical grid

Post-Malware Outbreak: Rip and Replace? (BankInfoSecurity) Zombie Attack Lessons Learned from Germany's Bundestag

Are Your Databases Secure? Think Again (eSecurity Planet) Targeting enterprise databases is a common attack tactic, as the Anthem breach showed, yet many companies neglect database security

Silver Linings to LastPass Hack (Easy Solutions Blog) Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users' email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords

Cyber Security for Startups — Practical Advice from other Founders (Heimdal Blog) How do you ensure maximum security for your users' data when you have the limited resources of a startup?

7 Development AppSec Tricks to Keep the Hackers Away — Part 1 (Tripwire: the State of Security) The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques

Q&A: EBay's security chief says collaboration key to keeping data safe from cyberattacks (AP via Fox Business) It seems there's nowhere to hide these days from cyberattacks

Design and Innovation

Free SSL/TLS certificate project moves closer to launch (IDG via CSO) Let's Encrypt, a project aimed at increasing the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month

A call to researchers: Mix some creation with your destruction (Help Net Security) Since I can first remember being interested in information security, my personal hacker heroes (and I'm using hacker positively here) were the researchers who discovered zero day software vulnerabilities and could create proof-of-concept exploits to demonstrate them

Legislation, Policy, and Regulation

Pakistan grapples with fighting terrorism online (UPI) Pakistan has vowed to take action against the promotion of terrorism online, but some experts say there is little the government can do about it

'Oh Kiss My Ass, That's Not True': Stewart Baker Calls Out Cyber-Surveillance Myths (Wired) In his book Skating on Stilts, former US Department of Homeland Security Assistant Secretary for Policy Stewart Baker examines the numerous ways — air travel, biotech, the Internet — that America has left itself vulnerable to threats

Edward Snowden Supports Apple's Public Stance On Privacy (TechCrunch) Edward Snowden says we should support Apple's newly stated commitment to privacy rather than a business model driven by personal data collection, whether or not Tim Cook is being genuine. Snowden spoke over video conference during the Challenge.rs conference in Barcelona today

Giving Government 'Backdoor' Access to Encrypted Data Threatens Personal Privacy and National Security (Reason) The War on Terror is providing plenty of rhetorical ammunition to anti-encryption officials, but they are dangerously wrong

A New Look at the CIA's Pre-9/11 Mindset Reveals Uncomfortable Truths About Intel (Defense One) An inspector general report shows what's gotten better in the past decade — and what's still a problem

DISA rolls out new 5-year strategy (C4ISR & Networks) The Defense Information Systems Agency has released its 2015-2020 strategic plan, laying out core agency missions and objectives in getting IT services to Defense Department users

Paul Nakasone Promoted to Major General as Commander of Cyber Mission Force (Rafu Shimpo) U.S. Army Brig. Gen. Paul M. Nakasone received a frocked promotion to major general in a ceremony that packed an auditorium at the headquarters of the National Security Agency on April 29

Litigation, Investigation, and Law Enforcement

FBI investigates Cardinals for hacking into Astros' database (ESPN) The St. Louis Cardinals are being investigated by the FBI for allegedly hacking into networks and trying to steal information about the Houston Astros, The New York Times reported Tuesday

Even Major League Baseball Teams are Hacking Each Other (Dark Matters) The Department of Justice is investigating front office staff of the St. Louis Cardinals baseball organization for illegally accessing the networks of the Houston Astros in an attempt to obtain confidential information on the team

Dumb criminals can't keep their mouths shut on Facebook (Hot for Security) We often warn about the dangers of over-sharing information on social networking sites

Swearing on WhatsApp in UAE could result in a fine, jail time or deportation (Naked Security) Rageaholics, beware: United Arab Emirates has passed laws against swearing, be it online or in person, and that includes F-you emojis

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, June 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still...

Information Management Conference 2015 (Nashville, Tennessee, USA, June 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, June 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations...

Portland Secure World (Portland, Oregon, USA, June 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, June 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers...

Suits and Spooks All Stars 2015 (New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...

REcon 2015 (Montréal, Québec, Canada, June 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations...

Nuit du Hack 2015 (Paris, France, June 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges...

Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, June 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber...

Cybersecurity Executive Roundtable (Blacksburg, Virginia, USA, June 23, 2015) Experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled...

Cyber Security for Defense (Augusta, Georgia, USA, June 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting...

Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, June 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring...

AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, June 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM)...

Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, June 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational,...

NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, June 29 - July 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow...

Information Assurance Symposium (Washington, DC, USA, June 29 - July 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred...

Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, June 29 - July 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part...

Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, June 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic...

TakeDownCon Rocket City (Huntsville, Alabama, USA, July 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

CyberMontgomery 2015 (Rockville, Maryland, USA, July 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen...
