skip navigation

More signal. Less noise.

Daily briefing.

In the US, the IRS discloses a compromise of some 100,000 taxpayers' personal information. The IRS's "Get Transcript" online service was the attackers' apparent point of entry: they were able to use stolen personally identifiable information (PII) to gain access to records. Krebs notes that tax agency issues in the US are cascading to state revenue agencies. Others note that the breach offers an object lesson in why PII are valuable in enabling other attacks.

Iran claims it thwarted a US cyber attack on its oil ministry.

Moroccan hacktivists deface sites belonging to the Nepalese embassy in the US to express distaste for US policy.

Core Security demonstrates a proof-of-concept exploit against a Windows Group Policy flaw, MS15-011, patched in February.

New Android ransomware distributed in a very aggressive campaign comes with an unusually convincing spoof of an FBI warning.

New router exploits are giving particular attention to social networks.

Dark Reading runs two interesting pieces on cyber crime. One describes the activities of a lone-wolf, petty skid, the other the high-end connections between nation-state security services and organized cyber crime.

In industry news, Bain acquires Blue Coat for a reported $2.4 billion. Homeland Security Today offers a summary of recent cyber mergers and acquisitions.

Several articles offer views on the possibilities and pitfalls of cyber threat intelligence sharing.

The White House scowls at Congress (and they're looking at you, Senator Paul) over failure to enact cyber legislation.

Target's data breach settlement with MasterCard is said to have fallen apart.


Today's issue includes events affecting Iran, Morocco, Nepal, Russia, United Arab Emirates, United Kingdom, United States.

We're covering the inaugural Billington Corporate Cyber Security Summit in New York today. We're tweeting the proceedings today; we'll have a full report in tomorrow's issue.

Cyber Attacks, Threats, and Vulnerabilities

Hackers attack the IRS 145 million times a year. Now we know they got in (Quartz) Identity thieves pilfered tax records filed by some 100,000 households and tried to steal as many as 100,000 more, according to a statement from the US Internal Revenue Service, the national tax collecting agency

IRS hacker attack puts US tax payers at risk (We Live Security) The IRS, the United States government agency for collecting taxes, has admitted that for more than two months malicious hackers targeted its systems, and managed to gain access to information about more than 100,000 tax payers

IRS discloses breach, attackers used PII to clear security checks (CSO) 100,000 taxpayers affected, criminals used personal information to clear various security checks

IRS: Crooks Stole Data on 100K Taxpayers Via 'Get Transcript' Feature (KrebsOnSecurity) In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS's own Web site to obtain taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year

Iran Says It Foiled US Cyber Attack on Oil Ministry (Al Arabiya) Iran said on Tuesday it had foiled a cyber-attack on the Islamic republic's oil ministry, and that those behind the hacking attempt were based in the United States

Website Of Nepali Embassy In US Hacked, Left With Anti-American Content (HackRead) The official website of embassy of Nepal in Washington was hacked by a group of Moroccan hacker not happy with American invasion of Iraq and what happened afterwards

Researcher Exploit Patched Windows Group Policy Bug (Threatpost) Researchers from Core Security were able to exploit a security vulnerability in Windows Group Policy — MS15-011 — that was patched in February by Microsoft

Moose — the router worm with an appetite for social networks (We Live Security) Moose — the router worm with an appetite for social networks

Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings (Threatpost) Attacks targeting small office and home router DNS settings, long a target for network intruders seeking to redirect web traffic to malicious sites, have for the first time been included in an exploit kit — one that specializes in cross-site request forgery attacks

15,000 spam emails have hit the inboxes of Android users in recent days (Help Net Security) Thousands of Android users are at risk of having their mobile devices and private contents locked by a particularly ruthless ransomware that demands $500 to restore access

Android ransomware poses as FBI smut warning (Register) Call the cops! Erm, actually don't

Chrome Lure Used in Facebook Attack despite Google’s New Policy (TrendLabs Security Intelligence Blog) Just how effective is it for cybercriminals to keep using Google Chrome and Facebook to infect their victims with malware?

Cyber Attack on IDA Server Prompts License Key Replacement (Softpedia) Threat actor keeps low profile, date of the attack unknown

Beacon Health victim of cyber attack, patient information exposed (South Bend Tribune) Beacon Health Systems fell victim to a "sophisticated cyber attack," but the health agency says it hasn't found evidence of information being misused

Is It Possible for Passengers to Hack Commercial Aircraft? (Wired) When security researcher Chris Roberts was removed from a United fight last month after tweeting a joke about hacking the plane's inflight entertainment system, the security community was aghast at the FBI's over-reaction and United's decision to ban him from a subsequent flight

NATS failure down to bug from the 90s and redundant code (ComputerWeekly) A bug present in the National Air Traffic Services (Nats) IT system since the 1990s has been identified as the root cause of the five-hour outage of UK air traffic control on 12 December 2014, according to an independent inquiry

State-Sponsored Cybercrime: A Growing Business Threat (Dark Reading) You don't have to be the size of Sony — or even mock North Korea — to be a target

Profile Of A Cybercrime Petty Thief (Dark Reading) Trend Micro provides peek at methods of amateur, lone-wolf carder

What's it like to be hated by the Russian internet? (Guardian) As online space becomes increasingly toxic, Afisha talks to four prominent figures about managing torrents of personal abuse

Security Patches, Mitigations, and Software Updates

Windows 10: Securing Identity, Information and Devices (eSecurity Planet) Windows 10 includes some goodies for enterprise security professionals

Synology patches serious flaws in its network-attached storage devices (IDG via CSO) Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices' software, one of which could allow attackers to compromise the data stored on them

Cyber Trends

Why insider threats are succeeding (Help Net Securiy) Data leaks and other news events over the past few years have brought insider threats to the forefront of public attention, but most companies still lack the means or motivation to protect themselves from malicious insiders


Cybersecurity M&As And VC Investments Roundup (Homeland Security Today) The cybersecurity market is hot and growing fast, with projected growth from $71 billion in 2014 to more than $155 billion by 2019. Along with that, there's a consistent stream of mergers, acquisitions and VC investments activity

Blue Coat acquired for $2.4 billion (ChannelLife) Bain Capital, the private investment firm, has acquired Blue Coat from Thoma Bravo in an all-cash transaction valued at approximately $2.4 billion

EMC plots managed cloud push with $1.2bn deal to acquire Virtustream (ComputerWeekly) EMC is plotting a move into the managed cloud services space by agreeing to acquire enterprise-focused service provider Virtustream for $1.2bn

The Pentagon Is Rethinking a $475 Million Cyber Defense Proposal (Nextgov) Nearly a week after extending the terms of its original proposal, U.S. Cyber Command revoked a 5-year contract offer that aimed to backfill significant staffing shortages

Northrop Grumman CEO Wes Bush pushes back against Pentagon's Silicon Valley fascination (Washington Business Journal) Northrop Grumman Corp. CEO Wes Bush offered some warning to government about neglecting the defense industry as a key source of innovation for national security

Inside the company that can predict the future by analysing every piece of information on the web (Business Insider Australia) For Christopher Ahlberg, predicting the future is as simple as typing a single word into a piece of software

Products, Services, and Solutions

Check Point Delivers SCADA Security Solutions to Protect Industrial Control Systems Against Cyber Threats (Marketwired via CNN Money) New hardened security appliance with most in depth SCADA security for your critical infrastructure

Experian Data Quality launches new self-service email validation tool (PRNewswire) True software-as-a-service offering provides leading bulk email validation for transactional pricing

Developers hope that new gizmo will bring an old idea back into fashion (Ars Technica) South African Security firm Thinkst is hoping to give new life to an old idea — the honeypot — in a bid to help organizations detect security breaches and intruders in their private networks. Thinkst's Canary is a simple network appliance and corresponding online monitoring service that makes it easy to set up juicy-looking targets on the corporate LAN that will sound the alarm if any attempt is made to access them

Technologies, Techniques, and Standards

A Threat Intelligence-Sharing Reality-Check (Dark Reading) Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say

The Cost of Bad Threat Intelligence (Active Response) There is no doubt that threat intelligence is now "a thing"

10 Threat Intelligence Goals for Financial Institutions (Recorded Future) Russell Pierce, Vice President of Cyber Security and Threat Intelligence at Regions Financial Corporation recently shared his experiences with building a threat intelligence program, and how Recorded Future contributes to its overall success

Breach detection: Five fatal flaws and how to avoid them (Help Net Security) When the Sarbanes-Oxley Act of 2002 was passed, it fell on corporate security teams to translate its requirements into technical controls. That threw the IT Security function into the deep end of the pool, and it has been sink or swim ever since

How to monitor XSS attacks and other security threats on your website, in real-time (Graham Cluley) Cross-site scripting (XSS) is a form of exploit where an attacker somehow places malicious JavaScript into a webpage

Digital Forensics and the Futuristic Scene-of-Crime (Tripwire: the State of Security) Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age

CISOs turn to security awareness solutions to change poor employee behaviors (CSO) Fast growing security awareness training market exceeds $1 billion globally

Will Your Contractors Take Down Your Business? (Infosec Island) Do you know how well your vendors, business associates, contracted third parties (who I will collectively call "contractors") are protecting the information with which you've entrusted them to perform some sort of business activity? You need to know

Design and Innovation

7 Bold Tech Ideas That Will Make You Uncomfortable (InformationWeek) Elite tech leaders pushed the boundaries at the InformationWeek Conference. At least one of these ideas should make you squirm and think, "We need to do that"

Research and Development

Crystalline Cipher and cryptography snakeoil (MaldrÛid) Martijn Grooten on Twitter (with his signature sarcastic undertone) posed a weekend challenge for anyone interested in cryptography: have fun with Crystalline Cipher and show that it is fundamentally broken. Now, I've met with Martijn only once, but from that meeting I gathered that he really loves mathematics, at least as much as I do, and has a great understanding of cryptography

Legislation, Policy, and Regulation

Government axes XP for good (CRN) Extended-support agreement will not be renewed

White House: 'Political Ambitions' of Individual Senators 'Have to Come Second to National Security' (National Journal) "At some point, the political ambitions of individual members of the United States Senate are going to have to come second to the national security of the United States," Josh Earnest said Tuesday

An Approach to Ameliorating Press-IC Tensions Over Classified Information (Lawfare) I've been thinking about the exchange over the past couple of weeks — much of which took place on Lawfare — between the New York Times and the intelligence community over the naming of CIA undercover officers in a Times story

After Snowden: The Role Of The Press In National Security (WUNC) In 2013, former National Security Agency employee Edward Snowden released classified documents

Open Letter to the Commerce Department and Legislators, Regarding Wassenaar (Zdziarski's Blog of Things) I am a published and respected forensics expert who pioneered the very first forensic techniques to extract data from the iPhone as early as 2008.. Since then, I have spend several years, and much of my time, assisting numerous law enforcement and military agencies around the world, including our own

Experts Concerned About Effects of Proposed Wassenaar Cybersecurity Rules (SecurityWeek) Adding exploits to Wassenaar is bad for security, says the industry

Should MAD Make its Way Into the National Cyber-Security Strategy? (Infosec Island) Arguably, Mutually Assured Destruction (MAD) has kept us safe from nuclear holocaust for more than half a century

Litigation, Investigation, and Law Enforcement

Target's $19M Data Breach Settlement with MasterCard Collapses (Top Tech News) Retail giant Target thought it was putting its massive 2013 data Relevant Products/Services breach nightmare to bed

Silk Road Prosecutors Ask Judge to 'Send a Message' In Ulbricht Sentencing (Wired) Ross Ulbricht's billion-dollar black market Silk Road was in many ways the first of its kind, blending encryption and online drug sales in a business model that plenty of other online drug lords have since sought to emulate

US senator urges investigation into Cisco's alleged dealings in Russia (Channelnomics) Former presidential candidate brands accusations of sanction-beating measures as 'disturbing'

"Patent troll" with a big verdict against Cisco notches a Supreme Court win (Ars Technica) It takes more than a "good faith belief" to dodge a bruising patent verdict

Using Middle Finger Emoji In UAE: A Crime That Could Land You In Court (HackRead) If you are living in UAE, you should know the dangers of flipping middle finger at someone as it could land you in prison. Nonetheless, legal experts have now also cautioned that sending an 'emoji' finger-flick gesture in a message or on social media could also land you in hot waters

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Suits and Spooks All Stars 2015 (New York, New York, USA, June 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues —...

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...

Upcoming Events

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...

Time for a Refresh: Technology & Policy in the Age of Innovation (East Palo Alto, California, USA, May 27, 2015) On May 27th, join technology leaders and innovators, along with industry and government experts, for a dynamic discussion around today's cyber challenges and key decisions to be made around the intersect...

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...

International Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 to June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, June 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their...

School on Computer-aided Cryptography (College Park, Maryland, USA, June 1 - 4, 2015) The goal of the school is to provide participants with an overview of computer-aided cryptography with a special focus on computer-aided cryptographic proofs using the EasyCrypt tool. Lectures discussing...

AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.