Daily briefing.

Islamic State information operations increasingly mix atrocity-boasting videos with "women's propaganda" that seeks to normalize life in the Caliphate. (One hopes in vain that few will be deceived by the latter, or impressed by the former.) ISIS attempts to doxx and target American service members continue (doxxing, but no evidence of hacking).

Files stolen by Snowden and released by others apparently reveal Canadian cyber capabilities (and operational styles — some alleged information ops discussions show a markedly puerile malignity).

More analysis of Drupal vulnerabilities and exploitation appears.

Denial-of-service attacks increasingly serve as misdirection and cover for more damaging exploits.

PoSeidon is giving BlackPOS a run for its money in the criminal marketplace.

GoDaddy's layered protections are reported vulnerable to social engineering (not surprising for any system with humans in the loop) and Photoshopping (a little surprising).

Game-streamer Twitch says it's been compromised and will reset user passwords.

Google finds and revokes misused certs (Mozilla does, too).

Tails gets an emergency security fix.

Verizon's report on paycard security tells Fortune testing's in decline.

Passcode revisits a vexed problem: what counts as a "cyber incident" as opposed to, say, a glitch or malfunction? (Of particular concern with respect to industrial control systems.)

Bloomberg's spat with Kaspersky (advantage Kaspersky) over government influence prompts reflections on national borders' continuing role in cyberspace.

Security analysts offer approaches to risk mitigation — start by determining what's at risk.

Chinese release of PLA cyber offensive capabilities may be a step toward deterrence (something the US wants more of, too).

Notes.

Today's issue includes events affecting Botswana, Canada, China, Denmark, Egypt, European Union, Finland, Iraq, Israel, Mexico, Norway, Russia, South Africa, Spain, Sweden, Syria, Ukraine, United Kingdom, United States.

The CyberWire will be live-tweeting from the Women in Cybersecurity event, in Atlanta on Friday and Saturday.

Cyber Attacks, Threats, and Vulnerabilities

War by Doxxing (Defense One) Combat pilots are just the most recent victims of a common practice. It doesn't mean that the military has been hacked

Army: We are investigating Islamic State threats (Army Times) The Army says it's investigating an Islamic State group call to harm U.S. troops at home. The militant organization occupying parts of Iraq and Syria reportedly posted the names, photos and home addresses of 100 American service members accused of participating in bombing missions against it

The powerful propaganda being spread online by women in the Islamic State (Washington Post) The Islamic State's online reach is notorious. One study estimated that at least 46,000 Twitter accounts were supporting the militant group in 2014. And while much of the content created by the Islamic State showcases the brutality of the group, a lot actually shows a (relatively) softer side

New IS 'Execution' Video Targets Kurds (Radio Free Europe/Radio Liberty) Footage of a notorious Iraqi Kurdish Islamic State (IS) militant who was reportedly killed in Kobani in February appears in a new video showing the execution-style killing of a Kurdish-speaking prisoner

Snowden Leaks: Canadian Security Establishment Has Tools For 'Deception', 'False Flag' Attacks (International Business Times) Freshly leaked documents show that Canada's electronic surveillance agency has covertly developed a set of cyberwarfare tools designed to steal data and cripple online infrastructure in foreign countries. The targeted countries include ones that Canada has friendly relations with, according to reports

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls (CSO) 18 minutes from start to finish, thanks to monitoring mode

DDoS Attackers Distracting Security Teams With Shorter Attacks: Corero Networks (SecurityWeek) Distributed denial-of-service (DDoS) attacks are being leveraged to circumvent cybersecurity solutions, disrupt service availability and infiltrate victim networks, according to a new report from Corero Network Security

Will POSeidon Preempt BlackPOS? (Dark Reading) Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage

GoDaddy accounts vulnerable to social engineering and Photoshop (CSO) GoDaddy's layered verification protections defeated by a phone call and four hours in Photoshop

Twitch accounts were compromised, passwords for all users reset (TheNextWeb) Uh oh, game streaming service Twitch has posted a short notice to its blog warning that there "may have been" some unauthorized access to some Twitch user information

DMARC and Spam: Why It Matters (TrendLabs Security Intelligence Blog) Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages from "trusted sources" and with a valid signature being whitelisted

Fake "Incoming Fax Report" emails lead to crypto-ransomware (Help Net Security) Once again, fake "Incoming Fax Report" emails carrying malware are being sent out to random users. Given the popularity of online fax-sending services, there are likely to be many victims

Scammers use Whatsapp calling feature as a lure (Help Net Security) Survey scammers and adware peddlers continue to take advantage of the interest Whatsapp users have in the quietly rolled out Free Voice Calling feature

Google warns of unauthorized TLS certificates trusted by almost all OSes (Ars Technica) Misissued certs known to impersonate several Google domains, may affect others

Maintaining digital certificate security (Google Online Security Blog) On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC

Revoking Trust in one CNNIC Intermediate Certificate (Mozilla Security Blog) Mozilla was recently notified that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a firewall device that performed SSL man-in-the-middle (MITM) traffic management. It was then used, during the process of inspecting traffic, to generate certificates for domains the device owner does not legitimately own or control

Apparent cyberattack knocks out state website (WMTW) Website service restored at about noon

Kreditech Investigates Insider Breach (KrebsOnSecurity) Kreditech, a consumer finance startup that specializes in lending to "unbanked" consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants' personal and financial records online

Study: One-third of top websites vulnerable or hacked (CSO) One out of three of the top million websites are either vulnerable to hacking or already hacked

Bulletin (SB15-082) Vulnerability Summary for the Week of March 16, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Tails 1.3.1 emergency release fixes security issues (Help Net Security) Tails 1.3.1 is out. This is an emergency release, triggered by an unscheduled Firefox release meant to fix critical security issues

Cyber Trends

Law enforcement and security agencies face big data challenge (ComputerWeekly) Law enforcement and security agencies face the same big data challenge as business, according to John Wright, global director of public safety and justice solutions at Unisys

Cisco 2015 Annual Security Report (Cisco) Understand how attackers are taking advantage of gaps between defender intent and their actions in order to conceal malicious activity and evade detection

Why system testing, a critical aspect of data security, is worsening (Fortune) Pentesting and vulnerability scanning are in decline, according to Verizon's 2015 payment card industry data security report

How cyberattacks can be overlooked in America's most critical sectors (Christian Science Monitor Passcode) Across some of the most crucial sectors of the American economy, there's a lack of consensus of what exactly should be considered a 'cyberincident' — and whether technical mishaps, even without malicious intent, should count. That's a problem

Smart home device vendors know their products are not secure: Symantec (Computer Dealer News) Not only are smart home devices not secure, but device manufacturers are not doing anything about it, according to Symantec

Small businesses pose an easy target for cybercrime (Citizens Voice) Small businesses are more susceptible to cybercrime for many reasons, and thus an easy target, an expert says

Most Small Firms Believe Cyber Protection is too Expensive (Information Security Buzz) Today, there are more SMEs than ever making heavy use of new technologies to cut costs and increase efficiency across all areas of their business. With this, however, comes an increasingly persistent risk of hacking and breaches of security that have the potential to cripple smaller businesses. A recent report has found that many of these small businesses carry misconceptions around cyber protection, resulting in a lack of security which leaves their organisations open to massive hacking losses that last year cost UK businesses between £65,000 and £115,000

Marketplace

Massive Enterprise Endpoint Security Opportunity (Network World) Next-generation endpoint security suite could be a billion dollar play

Six Nordic startups enterprise IT users should watch (ComputerWeekly) Spotify and Angry Birds. Combine the words 'startups' and 'Nordics' and these companies come to mind. But consumer-focused technology is just the tip of the iceberg in the Nordics, with some of the most exciting startups operating in the enterprise space

RedSeal Named to JMP Securities' Fast 50 List of Hottest Privately Held Security and Networking Firms (Marketwired) RedSeal (redseal.co), the cybersecurity certification company, has been named to the JMP Securities Fast 50 list of hottest privately held security and networking companies. The list recognizes innovators that have the capability to dominate their respective markets

Why Shares of CyberArk Software Ltd. Jumped Today (Motley Fool) What: Shares of cyber security company CyberArk Software (NASDAQ: CYBR) jumped on Monday after Bank of America initiated analyst coverage, giving the stock a buy rating and a $60 price target. At noon, the stock was up just over 10%. It had closed Friday at $48.69

Cyber security co SolebitLABS raises $2m (GLOBES) The Israeli company develops cyber-security solutions that protect networks from zero-day attacks and advanced persistent threats

Help us find Washington's next tech innovators: Week Two (Washington Post) Capital Business is teaming up with the Northern Virginia Technology Council to find the area's most interesting product innovations

Airbus Wins UK Cyber Center Research Deal (DefenseNews) The creation of a UK virtual cyber operations center aimed at defeating battlefield attacks took a step forward with the award of a small study contract to Airbus UK by Ministry of Defence researchers

Huawei to assist on cyber security (Monitor) Chinese technology giant Huawei says it is devising ways to assist the Botswana government on issues of cyber security

Kaspersky accused of having close ties to sauna-loving Russian spies (Graham Cluley) An extraordinary story appeared on the Bloomberg website at the end of last week, accusing security company Kaspersky Lab of having "close ties to Russian spies"

When Cybersecurity Meets Geopolitics (Wall Street Journal) FireEye Chief Executive David DeWalt says all major powers have "somewhat national-born security companies." Before American computer-security company FireEye releases a report on new hacker activity, it sometimes gives the U.S. government an advance copy. Dutch competitor Fox-IT trains the Netherlands' cyberwarriors. Moscow-based Kaspersky Lab helps Russian authorities investigate hacking cases

Products, Services, and Solutions

Will 2015 Be Adobe Flash's Swan Song? (eSecurity Planet) Following more critical zero-day exploits, Adobe's Flash platform's place in the enterprise appears as unsecure as the software itself

Technologies, Techniques, and Standards

Working backwards (CSO) How to think about risk mitigation

Good Security Starts with Knowing What's Valuable (Dark Matters) In February 2015, a report was published based on findings from 2014 investigations which revealed that while organizations were discovering compromises faster, less than one third were identifying breaches on their own

'Compliance fatigue' sets in (CSO) Yes, compliance with multiple security frameworks is difficult, time-consuming and expensive. But those who defend it point out that being breached causes much worse headaches

Clintonemail.com: A Cautionary Call To Action (InformationWeek) As former Secretary of State Hillary Clinton becomes ever more embattled in the press and in politics because of her personal email usage, we can draw lessons for enterprises and employees alike on contending with Shadow IT

5 Social Engineering Attacks to Watch Out For (Tripwire: the State of Security) We have become all too familiar with the type of attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. We hear about this breed of hacker in the news all the time, and we are motivated to counter their exploits by investing in new technologies that will bolster our network defenses

Reader Forum: How to ensure your business phone systems are secure (RCRWirelessNews) Hackers have been featured on the news recently as credit cards and passwords have been obtained in breaches, leaving millions to worry about whether their bank accounts or e-mail addresses are secure

5 steps to protecting your privacy online (IoL SciTech) These are troubling times for anyone concerned about the security of their electronic data. Hardly a day goes by without news of another hack or some other form of cyber skulduggery on the part of criminals, corporations and even government agencies

Design and Innovation

New Android 'on-body detection' leaves your phone unlocked as long as you keep moving (Naked Security) Google must be taking pity on index fingers fatigued with all that Android unlocking

Extreme cryptography paves way to personalized medicine (Nature) Encrypted analysis of data in the cloud would allow secure access to sensitive information

Digital Dark Age: Information Explosion and Data Risks (Infosec Institute) "Old formats of documents that we've created or presentations may not be readable by the latest version of the software because backwards compatibility is not always guaranteed," says Vint Cerf, Google's Vice President and one of the fathers of the Internet

Legislation, Policy, and Regulation

UK Insurance Act Receives Royal Assent (WillisWire) The Insurance Act 2015 received royal assent on 12th February 2015. The Act, which I described as "the most profound shift in UK commercial insurance law ever," introduces key changes to the duty of disclosure in commercial insurance contracts as well as to warranties and insurers' remedies for fraudulent claims. These measures will not come into force until August 2016, giving all of us enough time to prepare for them

Government support for cyber insurance should hike security awareness (MicroScope) The government is recommending that firms stop viewing cyber security as just an IT issue and start to look at it from a commercial risk perspective, setting out defences and recovery plans should the worst happen

Why the PLA Revealed Its Secret Plans for Cyber War (The Diplomat) Revealing the organizational structure of the PLA cyber forces may serve a deterrence purpose

Cyber Commander: United States needs a Cold War deterrence strategy for peace in cyberspace (Flash//Critic) The commander of the U.S. Cyber Command this week called for creating a Cold War-style balance of power in cyber space mirroring the U.S. nuclear deterrent strategy used against the Soviet Union

Preparing for Cyber War: A Clarion Call (Just Security) In every War College in the world, two core principles of military planning are that "hope is not a plan" and "the enemy gets a vote." Any plan developed without sensitivity to these two maxims is doomed to fail. They apply irrespective of the mode in which the conflict is fought, the nature of the enemy, or the weapons system employed. Unfortunately, some states seem to be disregarding the maxims with respect to cyber operations. They include certain allies and friends around the world, states that the United States will fight alongside during future conflicts. The consequences could prove calamitous, especially in terms of crafting complementary strategies and ensuring interoperability in the battlespace

Editorial: Strengthen Electronic Warfare (Defense News) One of the key lessons of Moscow's invasion of Ukraine is the potency of Russia's electronic warfare capabilities, the product of decades of focused investment

CISA Security Bill: An F for Security but an A+ for Spying (Wired) When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users' personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won't actually boost security. And second, the "information sharing" it describes sounds more than ever like a backchannel for surveillance

U.S. to stop collecting bulk phone data if Congress lets law expire (Reuters via Business Insider) U.S. intelligence agencies in June will stop bulk collection of data documenting calls by U.S. telephone subscribers, unless Congress extends a law authorizing the spying, U.S. officials said on Monday

DoD straddles the public cloud fence (Federal Times) The Defense Department has in recent months enacted new policies aimed at accelerated adoption of commercial cloud, even as officials seek to strike a balance between security, savings and efficiency

Litigation, Investigation, and Law Enforcement

Trey Gowdy orders Hillary Clinton to turn over email server as Adam Schiff protests (Washington Times) The committee investigating the Benghazi attacks formally requested Friday that Hillary Rodham Clinton turn her email server over to an independent third party so it can be scrutinized to determine whether she and the Obama administration complied with open records laws

EXCLUSIVE: Jailed hacker Guccifer boasts, "I used to read [Clinton's] memos… and then do the gardening" (Pando Daily) December 2013 in the village of Sâmbăteni, Romania. The air is dull and frosty as Marcel Lazăr Lehel walks out of his mud-brick house, carrying a cheap brand laptop and a mobile phone, and goes to the back garden. Exhaling steam, he places the devices on the ground, picks up his axe and begins to chop with hard, steady blows. Thunk-crunch, thunk-crunch, thunk-crunch

No Harm No Foul: Time to End the Petraeus Saga (Small Wars Journal) It is a tenet of our system of justice that the punishment should fit the crime. Since 2012, the U.S. Justice Department has been investigating whether retired US Army four-star General David Petraeus leaked classified information to his biographer Paula Broadwell, with whom he had an affair after retiring from the military to take the position of CIA Director

European Court of Justice hears NSA/PRISM case: EU-US personal data flows under "Safe Harbor" on the table (European Court of Justice via the Christian Science Monitor Passcode) On Tuesday March 24th the Court of Justice (CJEU) will hear a case referred by the Irish High Court on the NSA/PRISM spy scandal, which may have major implications for EU-US data flows and US internet companies operating in Europe (case number: C-362/14)

Wikipedia challenge to NSA surveillance weighs privacy violation and proper targeting (Constitution Daily) What are the basics of Wikipedia's lawsuit against the National Security Agency? In a nutshell, the popular free-knowledge product believes the NSA surveillance of its foreign-based users is discouraging free speech for all people who use Wikipedia

Recent court cases clarify some BYOD legal issues (FierceMobileIT) A number of recent court cases have clarified some of the legal issues around BYOD, observed Amanda Tomney, an associate at the law firm of DLA Piper

Alleged StubHub cyberscalper will be extradited to the US (Naked Security) Just over eight months ago, we wrote about a number of arrests relating to cybercrimes against StubHub

Top Silk Road drug dealer sentenced to 5 years (Naked Security) A major drug dealer operating through the Silk Road underground market has been sentenced to five years in jail for his crimes

Did phone hacking by Mirror newspapers cause 'harm'? (Graham Cluley) A lawyer representing Mirror Group of tabloid newspapers has argued that while unauthorised access to voicemail messages was "unlawful and wrong" it did not result in "permanent harm"

Most parents don't know how to tackle cyber bullying (Help Net Security) 54 percent of UK parents would have no idea if their child was being cyber bullied, highlighting that most parents are completely ill-equipped and under-educated in knowing how to recognize and deal with this growing threat to children

Are smartphones bad for our kids? (Naked Security) Back in the '90s, children attempting suicide were a rare thing

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...

School on Computer-aided Cryptography (College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing...

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

Upcoming Events

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

Fraud Summit Atlanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...
