skip navigation

More signal. Less noise.

Daily briefing.

The Syrian Electronic Army resurfaces. Disgruntled that Assad-fils isn't receiving the positive buzz they feel he deserves, the SEA briefly defaces a Washington Post page to inform everyone that "The media is [sic] always lying."

Much Chinese cyber activity is noted as the week ends, much of it targeting governments around the South China Sea (and the Himalayas, although the South China Sea holds the greater geopolitical interest). FireEye reports finding command-and-control IP addresses embedded in Microsoft TechNet portal pages. Trend Micro says operation "Tropic Trooper" has been using venerable bugs, social engineering approaches, and steganographic techniques to infiltrate Taiwanese and Philippine government and industrial targets. Kaspersky offers a rundown of the Naikon APT and its targets.

Brazil continues to afford rich pickings for cyber criminals. IBM describes the Pezão Trojan, now infesting Brazilian networks.

mSpy, whose software-as-a-service offering promises to keep tabs on children, husbands, and wives in the mobile Internet, has apparently been hacked, as Krebs reports finding sensitive data on some 400,000 people dumped into the dark web.

Researchers ladle out some sauce-for-the-gander as they disclose unpatched bugs in Google App Engine.

Verizon fixes a password-reset issue. Cisco patches bugs in telepresence products.

Variety describes how Hollywood is running a tighter cybership in the wake of the Sony hack.

Reuters says CSC may break itself up.

Rumors of a FireEye sale are quashed (the company thinks it won't consider offers before it reaches $1 billion in annual sales).

Germany engages in national introspection over reported BND-NSA ties.

Notes.

Today's issue includes events affecting Brazil, Cambodia, China, European Union, Finland, France, Germany, Indonesia, Laos, Malaysia, Myanmar, Nepal, Philippines, Russia, Singapore, Syria, Taiwan, Thailand, United Kingdom, United States, and Vietnam.

Video of the presentations at last Friday's Jailbreak Security Summit is now up.

Dateline Jailbreak Security Summit

Video: Apple Security Talks and Craft Beer (Jailbreak Security Summit 2015) Watch the presentations at last Friday's Jailbreak Security Summit, which was, to the best of our knowledge, the first security summit hosted by a production brewery. The Jailbreak Brewing Company of Laurel, Maryland assembled a group of technical experts to discuss the not always well-understood world of Apple security. Corporate co-sponsors of the event included CyberPoint International, Booz Allen Hamilton, FireEye, ClearShark, Novetta, Blackpoint Technologies, Endgame, and Synack. Enjoy

Cyber Attacks, Threats, and Vulnerabilities

How the Washington Post was hijacked by the Syrian Electronic Army (again) (Hot for Security) The Syrian Electronic Army appears to have successfully scalped another high profile media outlet, briefly hijacking the mobile version of the Washington Post website to display pop-up messages claiming that the media is not telling the truth

APT group's malware retrieved C&C IP addresses from Microsoft's TechNet portal (Help Net Security) A China-based APT group has been using Microsoft's TechNet web portal to host encoded Command and Control IP addresses for its BLACKCOFFEE malware, FireEye researchers have revealed

Hackers Are Using Popular Websites To Attack Governments And Other Targets (TechCrunch) There's evidence to suggest that hackers are using popular websites to attack government agencies, NGOs and other cyber espionage targets with increasingly more subtle insurgencies

Simple Cyber-Attack Techniques and Old Bugs Compromise Govt Systems in Taiwan (Softpedia) Attackers using basic steganography techniques and exploits for old vulnerabilities in Microsoft products managed to compromise computers of government and corporate organizations in Taiwan in targeted cyber operations

How Operation Tropic Trooper Infiltrates Secret Keepers (Trend Micro: Security News) Taiwan and the Philippines are targets of "Operation Tropic Trooper," an ongoing campaign that has been found to be using old infiltration tactics — two commonly exploited Windows vulnerabilities, social engineering methods, and basic steganography — to steal state and industry secrets since 2012

The Naikon APT (SecureList) Tracking down geo-political intelligence across APAC, one nation at a time

Meet the Pezão Trojan: Brazil's Got Malware (IBM Security Intelligence) Brazil loses well over $8 billion a year to Internet crime, which happens to be the No. 1 economic crime in the country

Spyware Firm Hacked: 400,000 Victims' Data Stuck on Dark Web (Infosecurity Magazine) MSpy, a maker of notorious mobile spyware, has reportedly been breached and the personal details of over 400,000 of its victims posted to the dark web

Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked (KrebsOnSecurity) mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked

Details of unpatched vulnerabilities in Google App Engine revealed (ZDNet) Google is known for playing hardball when it comes to firms fixing security problems — and now the company itself is being held under the same standard

Is Your Router a Botnet Zombie? (PC Magazine) A newly-discovered global network of zombie routers has been used to launch DDOS attacks

Who's Watching You? How Social Media Has Fueled the Rise of Hacktivist DDoS Attacks (Cyveillance Blog) There are an estimated 200 million Instagram users, 284 million Twitter users, and more than 1 billion Facebook users

WinYahoo adware changes your Chrome secure preferences (Help Net Security) Potentially unwanted programs (PUPs) might not be as dangerous as malware, but can often lead to unexpected perils

A few 'GTA V' mods are installing malware on PCs (Engadget) While you've been busy enjoying guns that fire cars, piloting flying saucers or swimming 'round a flooded Los Santos thanks to mods for the PC version of GTA V something darker's lurked beneath the surface

Another Maldoc? I'm Afraid So… (Internet Storm Center) Guess what? Yep, there's yet another type of malicious document going around. Like last time, it's a MIME file with an MSO file containing an OLE file

New domains revive old spam (Help Net Security) The new generic top-level domain (gTLD) registration program, launched in January 2014 and intended for use by relevant communities and organizations, has proved irresistible to spammers

SIR Volume 18: July 2014 to December 2014 (Microsoft Security) The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people

Security Patches, Mitigations, and Software Updates

Verizon security hole opened up millions of customers to attack (MarketWatch) Verizon has now patched the security flaw

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software (Cisco Security Advisory) Cisco TelePresence TC and TE Software contains the following vulnerabilities: Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability, Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability

Command Injection Vulnerability in Multiple Cisco TelePresence Products (Cisco Security Advisory) A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user

Microsoft's Not Going to Kill Patch Tuesday, Security Expert Explains (Softpedia) There will be a cadence for security updates in Windows 10

Cyber Trends

Stuxnet, Sexism, CEOs and Surveillance (Christian Science Monitor Passcode) New America's Peter Singer and Passcode's Sara Sorcher chat with Bruce Schneier, prolific author and chief technology officer at Resilient Systems, about the challenges of publicly blaming countries for cyberattacks — and whose job it should be to defend private companies against sophisticated nation-state attacks. They also hear from Nate Fick, the CEO of Endgame, a venture-backed security intelligence software company, about how he's leveraging cybersecurity solutions once produced just for the government into the private sector

What causes enterprise data breaches? The terrible complexity and fragility of our IT systems (ZDNet) It's impossible to make lasting security promises anymore. Instead of blaming end user security, we need to turn up the heat on enterprise IT. Here's how

Bots now outnumber humans on the web (CSO) Bot traffic has surpassed humans this year, now accounting for 59 percent of all site visits, according to a report released today

Marketplace

Sony Hack Aftermath: How Hollywood is Getting Tough on Cybersecurity (Variety) The cyber-attack that crippled Sony Pictures Entertainment may have occurred way back in December, but the reverberations are still being felt across the entertainment industry

Exclusive: Computer Sciences prepares to break itself up — sources (Reuters) Technology consulting services provider Computer Sciences Corp (CSC.N) is planning to separate its government business from its commercial information technology division, people familiar with the matter said on Thursday

Chambers hands over a Cisco well positioned for the future (MicroScope) If you are going to take over a business where the departing CEO has been at the helm for two decades it's handy if the financial performance is in good shape

FireEye Falls After Cisco Slaps Down Buyout Rumors (Re/code) Wednesday wasn't the first time that rumors have swirled that the computer security company FireEye was the target of a buyout offer by networking giant Cisco Systems. And it probably won't be the last

Report: FireEye won't consider buyout until reaching $1B/year in sales (Seeking Alpha) A day after John Chambers shot down a vague rumor about a Cisco bid for FireEye (NASDAQ:FEYE), Re/code reports FireEye's management is "unwilling to entertain buyout offers before it reaches $1 billion in annual revenue." The company has a decent chance of reaching that level by 2017: FireEye's 2015 revenue consensus is at $629.3M (+48% Y/Y), and its 2016 consensus at $865.9M (+38%). Billings have a good chance of reaching $1B by 2016, given a 2015 billings forecast of $825M-$835M

Symantec Corporation Company Update: Delivers Soft March Quarter Results, FY16 Outlook Unchanged — Maintain Market Perform (FBR Capital Markets & Co.) Last night, Symantec Corporation (SYMC) reported soft March (F4Q15) results, in our opinion, with both the top line and bottom line coming in below Street expectations. Furthermore, SYMC gave June guidance that was also lower than expected, while the company left FY16 guidance unchanged

Cyberark Spikes On Jim Cramer-Mad Money Rumor (Benzinga) Cyberark Software Ltd CYBR 0.85% shares briefly rose on Thursday after a rumor began circulating on social media that the company's CEO will appear on "Mad Money" with Jim Cramer, which airs on CNBC at 6 p.m. ET

Security without borders: how Trend Micro is tackling the new global cyber war (Information Age) Many traditional anti-virus vendors such as Trend Micro are having to realign their efforts to encompass a much broader, global scope beyond the enterprise firewall. Raimund Genes, Chief Technology Officer, talk to Information Age about how the challenge has grown

"Nothing illegal going on here!" says US Army veteran behind Hacker's List (Naked Security) If you search online for someone to do some hacking for you, there are a growing number of online marketplaces where you can find cybercriminals who offer their services for a fee, from a few dollars to several thousand, depending on the skill and risk involved

DOD Lab Day has a cyber undercurrent (FCW) There weren't many displays of cybersecurity technologies at the Defense Department Lab Day. Software, as Frank Kendall, the Pentagon's top acquisition official, pointed out, does not necessarily lend itself to eye-catching exhibits. But cyber was where the money was at this science fair of sorts in the Pentagon courtyard on May 14

26 Firms Picked for $1.8B Army Knowledge Services Contract (GovConWire) Twenty-six companies have won positions on a potential eight-year, $1.8 billion contract to provide a range of knowledge-based services to the U.S. Army

United Will Reward People Who Flag Security Flaws — Sort Of (Wired) United Airlines announced this week that it's launching a bug bounty program inviting researchers to report bugs in its websites, apps and online portals

(ISC)² Global Information Security Workforce Study ((ISC)² Foundation) The (ISC)² Global Information Security Workforce Study reflects the opinions of the dynamic information security workforce. It is the largest study of its kind and provides detailed insight into important trends and opportunities within the information security profession. It aims to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security that is of use to companies, hiring managers and information security professionals

Cyber Security Staff Salaries are Booming (Seculert) As reported by the Wall Street Journal, salaries for mid-level software engineers capable of helping enterprises thwart advanced malware and prevent data leaks are booming. Add the fact that many CSOs tasked with on-boarding new talent are hindered by strict salary caps, and the problem of recruiting and retaining cyber security staff has become even more intractable

Whitewood Encryption Systems Names Data Security and Cryptography Expert Richard Moulds as Vice President of Business Development and Strategy (BusinessWire) Whitewood Encryption Systems, Inc., a developer of next-generation systems of data encryption that leverage advanced cryptographic technologies emerging from U.S. centers of research excellence, today named Richard Moulds, the former Vice President of Product Strategy and Marketing for Thales e-Security, as its new Vice President of Business Development and Strategy

Security research expert Gavin Reid joins Lancope as VP of Threat Intelligence (Vanilla +) Lancope, Inc.® has announced that security research expert Gavin Reid has joined the company as vice president of threat intelligence

Products, Services, and Solutions

IBM's hacking database takes off with banks, retailers (Yahoo! Finance) IBM's (IBM) new cyberthreat data sharing project has attracted more than 1,000 companies in its first month, but the private sector effort doesn't reduce the need for new laws to encourage further sharing, IBM officials said

Fujitsu ships first phone with eyeball-scanning authentication (Naked Security) You don't have to read Japanese to glean Fujitsu's point in the video ad for its new mobile phone: frowning, furrowed-brow people locked out after forgetting their passwords get smiley after their phones scan their irises to authenticate them and unlock

Bromium earns University of Cambridge Computer Lab Ring Product of the Year 2015 (Cambridge Network) Bromium vSentry and LAVA selected for "Hall of Fame" for superior threat protection

Review: Avast Internet Security 2015 (BIT) Avast is famed for its free antivirus, which the company claims "offers the most-trusted security in the world", protecting "more than 220 million people, businesses and mobile devices". So what more do you get if you actually pay for it?

Videology, White Ops combat online video ad fraud (Advanced Television) Videology, the video advertising technology platforms, and White Ops, a pioneer in online ad fraud detection, have partnered to combat bots and other non-human activity in online video at scale

Lavaboom Is Another Zero Access Encrypted Email Service Hosted In Germany (TechCrunch) The post-Snowden boom in strongly encrypted services continues. To wit: Lavaboom, a made-in-Germany encrypted email service, which is currently in beta and seeking a $100,000 crowdfunding raise via Indiegogo to get a fully featured product to market

Technologies, Techniques, and Standards

Five tips to comply with the new PCI requirements (CSO) Failure to comply with these five new requirements will mean paying significant fines

Never waste a good crisis: How to respond to a data breach (FierceITSecurity) Here are the six most important things you should do to prepare for the inevitable data breach

Cloud security best practices during all phases of the infrastructure lifecycle (Help Net Security) In the era of cloud technology, online attacks are becoming more sophisticated

Combating insider threats in the contact center (Help Net Security) Advances in security technology are making many payment channels safer than ever for consumers, however, they are also forcing professional fraudsters to concentrate on an ever-diminishing number of more vulnerable targets

When Companies Expand Globally, Security Technology Takes On New Tasks (SourceSecurity) Expanding into other countries with sales offices, manufacturing facilities and distribution centers can present a number of security risks

Teaming Up to Educate and Enable Better Defense Against Phishing (Dark Reading) Companies need to both educate their employees and implement prevention technology

A 16-Step Guide to Data Security for Travelers and Globetrotters (Heimdal Security) How do we define data security for travelers? And is data security enough or do we need to follow some common sense rules while traveling throughout foreign countries?

Design and Innovation

Reddit Wants to Exile Trolls. But Growing Up Is Hard (Wired) Reddit is finally growing up. Or at least it's trying

Legislation, Policy, and Regulation

Germans are still digesting their complicity with America's digital spy agency (Quartz) The U.S. House has voted to strike the section of the Patriot Act that allows mass collection of Americans' phone metadata, a week after the federal appeals court ruling that the dragnet wasn't legal anyway. Amid the progress, Germans are still processing what exactly the National Security Agency has been up to on the continent. On May 12, Wikileaks released 1,380 pages of documents from the German Bundestag'a committee hearings on the NSA's collaboration with the Bundesnachrichtendienst (BND)

Cybersecurity is a team sport (Politico) It is high time for Europe to emulate the US's new cyber strategy

Internet policy experts support transition of domain names to multi-stakeholder community (FierceGovernemntIT) A proposal to shift management of the web addresses that power the Internet from the Commerce Department to a "global multi-stakeholder community" is gaining support as a deadline looms

Senators reintroduce bill to boost students' data privacy (FierceGovernmentIT) A bill that aims to increase student privacy protections by blocking education companies from selling student data has been reintroduced in the Senate

Welch, Others Introduce Legislation to Require Transparency in Intelligence Budgets (Vermont Digger) Bill tracks 9/11 Commission recommendation to make public the top line budgets of 16 federal intelligence agencies

Shortcomings of Cybersecurity Bills (New York Times) A series of brazen hacking attacks against companies like Sony Pictures, Target and Anthem have spurred lawmakers in Congress to propose cybersecurity legislation. These bills could help make American networks somewhat less vulnerable to hackers, but they would do so at a cost to the privacy of individuals

Cybersecurity, mission areas must integrate to stave off flood of attacks (Federal News Radio) Dramatically reducing the onslaught of cyber attacks against federal agencies is a matter of bringing a certain type of discipline to the government

Cyber on campus: NSA boss part of academy-industry forum (Army Times) Before visiting with the newly created Army Cyber Institute last year, Mark McLaughlin hadn't been back to West Point since his 1988 graduation

Winnefeld: DoD Must Strengthen Public, Private Ties (DoD News) The military has two jobs for America: to fight today's wars and to prepare to fight the wars of the future, the vice chairman of the Joint Chiefs of Staff said in West Point, New York, today

Litigation, Investigation, and Law Enforcement

How one US scientist ended up accused of spying for China (Naked Security) Xiafen "Sherry" Chen, a 59-year-old hydrologist born in China and a naturalized US citizen for nearly two decades, says she thought she was doing a harmless favor

Google Faces More Scrutiny Over Right To Be Forgotten (InformationWeek) A group of 80 Web academics have penned an open letter to Google insisting on more transparency for right to be forgotten requests in Europe

Kids' apps and websites set for scrutiny by ICO and other privacy watchdogs (Naked Security) Privacy watchdogs in 29 countries, including the UK, Germany and France, are set to look at how websites and apps aimed at children collect personal information, and whether they comply with data protection laws

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

2015 Honeynet Project Workshop (Stavanger, Norway, May 18 - 20, 2015) Each year the Honeynet Project annual workshop brings together top information security experts from around the globe to present their latest research efforts and discuss insights and strategies to combat...

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science...

Cyber Risk Wednesday: How Will Our Cyber Future Be Different from Today? (Washington, DC, USA, May 20, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on May 20, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the future of cyberspace and the game-changing scenarios that could transform it...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.