skip navigation

More signal. Less noise.

Daily briefing.

The US Defense Department writes warily of a growing sophistication in ISIS cyber operations, but such sophistication is more evident in the Caliphate's information operations than in hacking. Recent threats against US service members, for example, derive from unsophisticated (if diligent) doxxing as opposed to network compromise.

ISIS itself is being hit in cyberspace by a self-organized (or unorganized) array of vigilantes (yes, Anonymous among them). The terrorist aspirant state is suffering increased friction in social media.

Cyber vigilantes may also be at work on North Korean networks.

NanoCore, a remote-access Trojan, is found infesting networks from East Asia through North America and into the Middle East. It appears to be spearphishing the oil-and-gas sector, and since its source code has leaked into criminal fora, observers expect infections to spike.

Patched vulnerabilities continue to be exploited: witness Adobe Flex SDK bug CVE-2011-2461, patched back in 2011, but persisting in widely visited Websites.

Palo Alto warns of "Android Installer Hijacking" — a vulnerability affecting nearly half of Android devices.

The Premera breach autopsy continues (Washington state insurance regulators lead a multi-state investigation). Reports indicate Premera both lacked multi-factor authentication and — disturbingly — was in HIPAA compliance, moving observers to ask whether HIPAA standards are too low.

Windows Pro IT reminds its readers that hackers don't need a rational motive.

The Christian Science Monitor's Passcode reports on US regional competition to become the cyber version of Silicon Valley.

Coca Cola experiments with novel approaches to enterprise security — the Wall Street Journal has the story.


Today's issue includes events affecting Australia, Barbados, Canada, China, Egypt, Germany, Hong Kong, India, Iran, Iraq, Israel, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Nigeria, Russia, Singapore, Syria, United Arab Emirates, United Kingdom, United States.

The CyberWire will be live-tweeting from the Women in Cybersecurity event, in Atlanta on Friday and Saturday, with a special edition on the conference coming Monday.

Cyber Attacks, Threats, and Vulnerabilities

'ISIS Hackers' Googled Their Hit List; Troops' Names Were Already on Public Websites (Daily Beast) They swore they "hacked military servers" to threaten U.S. troops. Actually, these self-proclaimed ISIS whiz kids basically cobbled together information that was already online

U.S. sees 'more sophistication' in Islamic State cyber capabilities (Washington Times) The Islamic State's cyber capabilities are becoming more sophisticated, though information published by the terrorist group in a kill list last week did not come from Defense Department networks, the leader of U.S. Strategic Command said Tuesday

Senator says military members on ISIS 'kill list' need help 'immediately' (The Hill) Sen. Mark Warner (D-Va.) wants Defense Secretary Ashton Carter to assure the safety of 100 U.S. service members whose personal information was recently published online by the Islamic State in Iraq and Syria (ISIS)

Cyber Attack on Frontpage (Frontpage) The enemies of freedom never rest — and neither do we

Behind a Veil of Anonymity, Online Vigilantes Battle the Islamic State (New York Times) They use screen aliases like IS Hunting Club, TouchMyTweets and The Doctor. They troll Twitter for suspected accounts of Islamic State fighters, recruiters and fund-raisers. Then they pounce

Did Vigilantes Knock North Korea Offline? (Daily Beast) U.S. cyberspies swear they didn't take down the Hermit Kingdom's Internet after the Sony hack. And those spies weren't the only ones rooting around Pyongyang's servers

Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected (Help Net Security) NanoCore, a lesser-known remote access Trojan (RAT), has recently been spotted being delivered to employees of energy companies in Asia and the Middle East via spear-phishing emails impersonating a legitimate oil company in South Korea

Old Adobe Flex SDK bug still threatens users of many high-profile sites (Help Net Security) An old vulnerability affecting old releases of the Adobe Flex SDK compiler can be exploited to compromise user data of visitors to many popular sites, including three of most visited ones in the world according to Alexa, two researchers claim

Android Installer Hijacking Vulnerability Could Expose Android Users to Malware (Palo Alto Networks) We discovered a widespread vulnerability in Google's Android OS we are calling "Android Installer Hijacking," estimated to impact 49.5 percent of all current Android users

Camwood highlights Windows Server 2003 security risks (MicroScope) It might have taken a while but the alarm calls around the demise of Windows Server 2003 are getting louder with each passing day with the July cut-off for support moving ever closer

Premera's IT Security Audit Report Revealed Lack of Multi-Factor Authentication (Duo Security) Back at the end of November 2014, the Office of Personnel Management (OPM) released an IT security audit report on the state of Premera's security profile, noting a gap in access controls. A few months later, Premera discovered a breach of their systems that may have compromised the medical and financial data of 11 million individuals

Bahncard-Mail täuscht Rechnung vor (IT SecCity) Verschachteltes Schadprogramm baut Bot-Netz auf Gefälschte Bahncard-Mails sollen Anwender in die Schadcode-Falle locken

Cyber attack disrupts school test in Glouco district (South Jersey Courier Post) A controversial statewide test was interrupted for two days by a cyber attack on Swedesboro-Woolwich Schools' network, according to district officials

Cybercriminals moving into cloud big time, report says (Network World) Global telecommunications equipment provider Alactel-Lucent's latest cybercrime attack predictions are covered in its recent report. No one is spared

The average DDoS attack tripled in volume (Help Net Security) The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, according to Black Lotus

100 Days of Malware (Push the Red Button) It's now been a little over 100 days since I started running malware samples in PANDA and making the executions publicly available. In that time, we've analyzed 10,794 pieces of malware, which generated

Cyber Trends

Over 15,000 Vulnerabilities Detected in 2014: Secunia (SecurityWeek) IT security solutions provider Secunia today published its annual vulnerability review. The report provides facts and details on the security flaws uncovered in 2014

Foreign Policy in the Age of Cybersecurity Threats (IBM Security Intelligence) The Obama administration has been the first to face the foreign policy and national security challenges of what may be called the modern age of cyberthreats and cybersecurity

Cyber Armageddon is a Myth (Counterpunch) Over the past several years mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. Breathless intimations of the End Times. The stuff of Hollywood screenplays. However a recent statement by the U.S. intelligence community pours a bucket of cold water over all of this. Yes, Virginia, It turns out that all the talk of cyber Armageddon was a load of bunkum. An elaborate propaganda campaign which only serves as a pretext to sacrifice our civil liberties and channel an ocean of cash to the defense industry

A Quarter of Businesses Have No Control over Network Privileges (Infosecurity Magazine) While data breaches stemming from insider privilege abuse continue to make headlines, the sad reality is that a full quarter of organizations have zero control over who accesses what in the network

Excessive User Privileges Challenges Enterprise Security: Survey (SecurityWeek) It is no secret that enterprises sometimes have trouble keeping a handle on privileged users. In the wrong hands, excessive privileges can lead to data breaches and sleepless nights for IT

Security Sense: Did You Really Think Websites Were Always Hacked for a Reason?! (Windows IT Pro) Here's one I hear a lot: "Oh we're not worried about being hacked, there's no reason an attacker would want to break into our system"

Hackers are ahead in the cyberwar — businesses need to wake up (Guardian) With cybercrime costing the UK billions, experts say it is time to confront hackers head on

9 Threats on the 2017 Threat Horizon (Mobile Enterprise) Senior business managers, information security professionals and other key organizational stakeholders beware — by 2017 nine emergent threats will make cybersecurity challenges even more difficult

Avast: Here's Why Smartphone Security Really Matters (TechWeek Europe) Around 50 million Android users were hit by some form of security issue last year, firm tells TechWeekEurope

The Gemalto hack is déjà vu for state-backed hacking — but businesses can stop it (Information Age) The recent hack on Gemalto has exposed whether organisations can truly trust their security solutions against state-sponsored surveillance


2% of UK Firms Insured Against Cyber Attacks (Newsweek) Just 2% of large UK firms have specialised insurance cover against cyber attacks, according to a report published today. This figure dropped close to zero for smaller companies and around half of the CEOs interviewed were unaware that cyber risks can be insured

The race to build the Silicon Valley of cybersecurity (Christian Science Monitor: Passcode) Cities and regions around the US vie to draw business and brainpower in a market projected to top $160 billion by 2020

Cybersecurity Firms Are Ready To Fight For Government Contracts (Benzinga) Cyber attacks have become one of the largest threats to U.S. security, as more of the nation's infrastructure has become dependent on the Internet. High profile hacking attacks against major companies and government agencies have been on the rise this year, leading the Pentagon to look for ways to prevent major security breaches moving forward

A virtual Iron Dome: Israeli cybertech wins fans at home and abroad (Haaretz) Hundreds of thousands of dollars have been invested in about 250 Israeli cyber firms, and this is just the beginning

NCC bolsters security muscle with Accumuli buy (MicroScope) Security player Accumuli has plenty of experience on the acquisition front but this time it is the one being picked up by NCCGroup

Lookingglass Raises $20 Million in Series B Funding Led by Neuberger Berman Private Equity Funds (Lookingglass) Investment will be used to fund company's dynamic growth and strategic initiatives

Mobile phone security co Skycure raises $8m (Globes) The funds will be used to expand marketing efforts and invest in R&D, including hiring in the US and Israel

Shevirah Set to Break Into Mobile Penetration Testing Market (eWeek) Security innovator Georgia Weidman started up a new company, Shevirah, in a move to take her open-source project commercial

ProtectWise Launches Its Network Security Product In A Deadly Hail Of Buzzwords (Forbes) Startup ProtectWise is launching out of stealth today and at the same time announcing over $17 million in venture funding from Crosslink Capital, Trinity Ventures. Paladin Capital Group and Arsenal Venture Partners. The company was founded by Scott Chasin, who previously started companies subsequently acquired by Symantec and McAfee. On top of this Chasin was McAfee's CTO from 2009-2012

IOActive Launches New Hardware Lab (Dark Reading) Company adds new Global 50 clients to roster, expands into Middle East

Kaspersky, Bloomberg Spar Over KGB Allegations (PC Magazine) Bloomberg accused Kaspersky Lab of excluding its Mother Russia from reports examining electronic espionage by the U.S., Israel, and the U.K.

Why You Should Be Losing Sleep over the Security Skills Shortage (Trustwave) We've written a few times in this space about the seemingly ineradicable security skills shortage that exists in organizations worldwide. Bad news: The picture doesn't appear to be getting any rosier.The latest ominous headline comes from Burning Glass, a labor market analytics firm, which has documented a 74 percent spike in cybersecurity job postings from 2007 to 2013, double the rate of all IT jobs

RedSeal Expands Management Team With Steve Timmerman as VP of Corporate Marketing and Business Development (Marketwired) RedSeal (, the cybersecurity certification company, today announced that it will further strengthen its management team by bringing aboard Steve Timmerman as VP of Corporate Marketing and Business Development. The new appointment highlights RedSeal's aggressive expansion plans — the company has a rich portfolio of product and service offerings and is moving into new markets around the world

Products, Services, and Solutions

Dragos Security Launches CyberLens™ for Passive Identification of Cyber Assets and their Communications (PRWeb) Today, Dragos Security LLC launched its solution for identifying assets and understanding the networks of critical infrastructure and high value information technology — CyberLens™. The software passively discovers assets and visualizes them on an easy to use graphical map while storing historical records for network security monitoring, incident response, and network configuration use cases

Blue Coat Global Intelligence Network Enables Customers to More Effectively Block, Detect and Respond to Advanced Threats (Marketwired) Unification of products and labs produces single stream of web and malware threat intelligence to deliver unprecedented protection while reducing the total cost of security

Leading Life Insurance Company Using EnCase® Security Products to Comply with PCI DSS (BusinessWire) EnCase® Cybersecurity and EnCase® Analytics hunt down sensitive data and undetected breaches

Datapipe Launches Enhanced Cloud Security Service for Enterprise Web Applications (BusinessWire) Cloud based web DDoS and WAF protection service adds real time protection for cloud assets against web application attacks

Conformance Technologies Launches Pen-Testing and PAN Scanning Solution (BusinessWire) Helps merchants meet PCI DSS 3.0 requirement 11.3 easily and cost-effectively

Proaktive Sicherheit für Onlinebanking & -shopping (IT SecCity) Sicherheitslösungen: G Data bringt umfassende Programm-Aktualisierungen. Neue Schutztechnologien "Made in Germany" für sicheres Online-Banking und -Shopping ab April 2015 verfügbar

Columbus Business Solutions offers Cyber Security for Schools (Barbados Advocate) Schools are under attack both from internal and external vices. Whether it is device misuse, students and teachers surfing dangerous sites or downloading unknown files or hackers, the threats to education facilities are real. This is why it's even more important for schools — whether private or public and from primary to tertiary — to have adequate security to protect their network, staff and students

Technologies, Techniques, and Standards

Premera breach: Are HIPAA standards too low? (Help Net Security) Here's an interesting twist regarding the Premera data breach revealed last week: the company has been deemed compliant with the Health Insurance Portability and Accountability Act (HIPAA) in late November 2014

Sue Schade: 4 traits of hospitals with a 'security culture' (FierceHealthIT) A key piece of any healthcare organization's IT security program has to include creating a security culture, writes Sue Schade, chief information officer at University of Michigan Hospitals and Health Centers

Hacking oil and gas control systems: Understanding the cyber risk (Plant Engineering) Cyber attacks are growing in number and intensity over the past decade. Companies in the oil and gas industry are high-profile targets and must take measures to protect themselves from hackers

See Your Company Through the Eyes of a Hacker (Harvard Business Review) JP Morgan Chase. Target. Sony. Each has been part of the growing number of cyber-attacks against private companies around the world in recent years. In the latter two cases, CEOs were forced to resign in the wake of the breach. Attacks are growing more sophisticated and more damaging, targeting what companies value the most: their customer data, their intellectual property, and their reputations

Implementing an effective risk management framework (Help Net Security) In today's marketplace, almost every employee is now a content contributor. Although beneficial to the collective of information available, this influx brings about new risk. Legal systems worldwide are clamping down and demanding greater compliance — particularly on IT systems — making it essential for organizations to implement compliance and risk management protocols. So how do we balance the benefit of the free flow of information with the risk of inappropriate access and/or disclosure? What are the consequences of not doing so?

Is Your Threat Intelligence Platform Just a Tool? (Sys-Con Media) "If the only tool you have is a hammer, you tend to see every problem as a nail." Abraham Maslow

Why aren't you vulnerability scanning more often? (CSO) I've always been curious about companies that scan their enterprises for vulnerabilities once per quarter or even once per year. Why is this the case exactly? I've worked in these environments and I've heard all manner of excuses as to why this was an issue. "We can't have any outages because it is a critical roll out for $project and we can't have any downtime." That one was always one of my favorites

Four advantages of an identity behavior-based approach to cybersecurity (Help Net Security) With an ever-increasing number of data breaches, more money is being poured into IT security budgets. According to Gartner, the average global security budget increased 8 percent from 2013 to 2014 and will grow another 8 percent in 2015. Additionally, data loss prevention (DLP) system investments will increase by almost 19 percent

How to Install Bro Network Security Monitor on Ubuntu (Known) The Bro Network Security Monitor is an open source network monitoring framework. In a nutshell, Bro monitors packet flows over a network and creates high-level "flow" events from them and stores the events as single tab-separated lines in a log file

Just how safe is encryption anyway? (Technology Spectator) When checking your email over a secure connection, or making a purchase from an online retailer, have you ever wondered how your private information or credit card data is kept secure?

Design and Innovation

Finalists announced for Innovation Sandbox at RSA Conference 2015 (Help Net Security) RSA Conference announced the 10 finalists for its annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry

Coca-Cola Looks to Secure Edge for Age of Cloud, Mobility (Wall Street Journal) Coca-Cola Co.KO -0.13%, feeling the pressure to strengthen its digital security, is experimenting with a new approach that makes use of software virtualization, a concept that revolutionized computer servers during the last decade or so

Research and Development

Israel, US To Integrate Cyber Test Beds (Defense News) The Cyber Security Division of the US Department of Homeland Security (DHS) aims to expand collaboration with the Israel National Cyber Bureau (NCB), Israeli cyber companies and local start-up firms


U.S. Cyber Challenge Announces Open Registration for Annual Cyber Quests Competition (US Cyber Challenge) Upcoming Cyber Quests Competition to determine qualifiers for Summer 2015 Cyber Camps

BAE funds Malaysian cyber school (C4ISR & Networks) BAE is funding a new post-graduate cybersecurity program at Malaysia's National Defense University

UK government launches Cyber First recruitment drive for future white hats (V3) The UK government has announced a Cyber First programme designed to find and train the next generation of security professionals, continuing its efforts to bolster the nation's digital defences

Legislation, Policy, and Regulation

Russia playing the long game in global cyberwar campaign (International Business Times) The recently published US intelligence community's annual threat assessment promotes cyberattacks the most serious threat to US national security

Cyberthreat Bills Take Shape on Hill, With Key Votes Looming (Wall Street Journal) Goal in Congress is to help prevent large cyberattacks that have recently hit major U.S. companies

Congress moving on long-sought legislation to thwart cyberattacks (Washington Post) The House Intelligence Committee introduced bipartisan legislation Tuesday to grant legal immunity to firms that pass cyberthreat data to the government, as lawmakers expressed cautious optimism that there is finally enough support to pass a bill that the president will sign

House Intel unveils cyber sharing legislation (The Hill) The House Intelligence Committee on Tuesday afternoon will introduce its bill to bolster cyber threat data sharing between the government and the private sector

Key Democrat: Congress Won't Tackle NSA Reform Before Cybersecurity (National Journal) "High-level" discussions on surveillance overhaul aren't taking place, Rep. Adam Schiff said

Cybersecurity Information Sharing: A Legal Morass, Says CRS (Federation of American Scientists) Several pending bills would promote increased sharing of cybersecurity-related information — such as threat intelligence and system vulnerabilities — in order to combat the perceived rise in the frequency and intensity of cyber attacks against private and government entities

Tech firms and privacy groups press for curbs on NSA surveillance powers (Washington Post) The nation's top technology firms and a coalition of privacy groups are urging Congress to place curbs on government surveillance in the face of a fast-approaching deadline for legislative action

U.S. Joint Chiefs drafting military cyber standards: arms tester (Reuters) The chief U.S. weapons tester said on Tuesday he was working with the Joint Chiefs of Staff to draft military requirements to address widespread cyber vulnerabilities in nearly every arms program and military command

Litigation, Investigation, and Law Enforcement

First lawsuits filed to block net neutrality action (FierceCIO) It had been suggested that the recent net neutrality vote by the Federal Communications Commission would be tied up for years in the courts, and the telecommunications industry hasn't disappointed

Washington officials leading Premera cyberattack investigation (Spokesman-Review) Washington insurance officials will lead a multistate investigation into how computer hackers were able to breach the security of the state's largest health insurance company and whether Premera Blue Cross took the proper steps to notify some 11 million customers after it was discovered

Fugitive posts on Snapchat that he’s hiding in the cupboard, while police search his house (Hot for Security) Is this the dumbest fugitive ever? Meet 24-year-old Christopher Wallace, wanted by police in Somerset County, Maine, in connection with the theft of a wood stove earlier this year from a sporting camp, and violation of administrative release

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry...

CYBERWEST (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners...

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.