Daily briefing.

Spiegel reports that the Bundesnachrichtendienst (BND) has in fact conducted electronic surveillance of allies, which Spiegel thinks reflects badly on the agency, given Chancellor Merkel's assertions to the contrary.

Australian MPs are up in arms over allegations that Russian and Chinese intelligence services attempted (with unclear success) to penetrate shipbuilders in France, Germany, and Japan (all of whom are bidding to construct Australia's next generation of submarine).

The Twitter account of Israel's Ha'aretz may have been briefly hijacked by Palestinian hacktivists.

The Crackas-with-Attitude (doubling down on their avowed pro-Palestinian inspiration) resurfaced Friday to claim they'd gotten into the Joint Automated Booking System (JABS), a portal used by US law enforcement authorities. So far their claim is supported by an apparent JABS screenshot.

Anonymous retracts some of #OpKKK's Ku Klux Klan outings.

FoxGlove Security reports finding remote code execution vulnerabilities in the Java library Apache Commons Collections.

Recorded Future documents Flash's popularity with cyber criminals: it contributes eight of the top ten vulnerabilities used in exploit kits this year.

SINET 16 winner Onapsis reports vulnerabilities in SAP HANA systems, and offers mitigations.

Another SINET 16 winner, Secure Islands, is acquired by Microsoft.

BlueCoat is reported to be purchasing Elastica.

Stock analysts continue to look at last week's cyber selloff, especially FireEye's decline. Most see FireEye's drop as caused by stiffer competition (and some see difficulty integrating Mandiant) but FireEye executives add to their positions in their company.

Europe thinks the next move in Safe Harbor goes to the Americans.

Notes.

Today's issue includes events affecting Angola, Argentina, Australia, Austria, Belgium, Canada, China, European Union, France, Germany, Greece, Bailiwick of Guernsey, India, Israel, Italy, Japan, Bailiwick of Jersey, Isle of Man, Mozambique, NATO, Palestine, Philippines, Portugal, Russia, South Africa, Spain, Sweden, Switzerland, Taiwan, United Kingdom, United States, Vatican.

We'll be observing Veterans Day this Wednesday, and the CyberWire will take a day off. We'll resume normal publication Thursday.

Cyber Attacks, Threats, and Vulnerabilities

Governments and NGOs: Germany Spied on Friends and Vatican (Spiegel) Efforts to spy on friends and allies by Germany's foreign intelligence agency, the BND, were more extensive than previously reported. SPIEGEL has learned the agency monitored European and American government ministries and the Vatican

Cyber torpedo alert: China, Russia hack submarine plans of bidders (The Australian) Chinese and Russian spies have attempted to hack into the top secret details of Australia's future submarines, with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months

Hackers a threat to defence: Xenophon (9 News) Hacking threats to Australia's future submarine project highlight the need to bolster cyber security, independent Senator Nick Xenophon says

Pro-Palestinian Hackers Took over Twitter Account of Israeli Ha'aretz Newspaper (HackRead) Pro-Palestine activists Hacked Ha'aretz Newspaper's Twitter Account and Posted: "Our martyrs' mothers will drink your soldier's blood"

CIA Email Hackers Return With Major Law Enforcement Breach (Wired) Hackers who broke into the personal email account of CIA Director John Brennan have struck again.

Anonymous "unhoods" alleged KKK members but innocents are smeared (Naked Security) Members of the loose hacker collective Anonymous followed through on a pledge to release the names of members of the Ku Klux Klan, but #OpKKK was flawed from the get-go by uncoordinated document dumps and smearing of innocent people who are in no way connected to the KKK

Remote Code Execution Flaw Found in Java App Servers (SecurityWeek) Several popular Java-based products are affected by a serious vulnerability that can be exploited by malicious actors to remotely execute arbitrary code

Dangerous bugs leave open doors to SAP HANA systems (IDG via CSO) The bugs could expose financial and customer data, product pricing info and more

Onapsis Discovers and Helps Mitigate New Critical Cyber Security Vulnerabilities Affecting All SAP HANA-Based Applications, Including SAP S/4HANA and SAP Cloud Solutions (BusinessWire) Onapsis Research Labs protects SAP customers against new critical risks that could allow cyber attackers to steal, delete or modify corporate business information

Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits (Recorded Future) Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015

No surprise here: Adobe's Flash is a hacker's favorite target (IDG via CSO) A new study adds to already compelling evidence that Flash should be retired

Trojanized Adware Floods Third-Party Android App Stores (InformationWeek) New security research from Lookout suggests that several strains of trojanized adware are targeting third-party Android app stores. The safe bet is to use Google Play

Leaky mobile phones are 'betraying' us (Naked Security) Mobile apps are regularly leaking information to third parties, according to research from the Massachusetts Institute of Technology (MIT), Harvard, and Carnegie-Mellon

Apple's XcodeGhost malware still in the machine... (Naked Security) It's about six weeks since we first wrote about XcodeGhost

Is Your Business Still Running Infected Apple Apps? (Small Business Trends) When Apple found out XcodeGhost had infected more than 4,000 applications in its Apple Store recently, the company took immediate actions to identify the infected apps and remove them from its App Store. Apple then released a set of new security features to stop this activity

DRIDEX: Down, But Not Out (TrendLabs Security Intelligence Blog) On October 13, American and British law enforcement took action against the notorious DRIDEX botnet with the goal of stopping the activities of the notorious online banking threat

Cheap OmniRAT malware used to spy on Android, Windows, Linux, Mac devices (Help Net Security) European law enforcement agencies recently targeted users of the DroidJack mobile phone RAT, and likely made other would-be users refrain from buying and using that particular piece of malware

Comcast resets nearly 200,000 passwords after customer list goes on sale (CSO) Dark Web market ad offering Comcast accounts in bulk

Software products firm Zoho faces cyber attack, blackmail from hackers (Business Standard) Hackers used distributed denial-of-service type of attack to flood Zoho's servers with requests from multiple sites

Touchnote hacked — tells users to reset their passwords (Graham Cluley) Touchnote, an online service which takes your digital photographs and then sends them to loved ones as a physical postcard, has been hacked

Encrypted email provider ProtonMail caves in to extortion, hands over $6000 (Naked Security) Swiss-based encrypted email provider ProtonMail — developed at the CERN research facility in 2013 to withstand surveillance by the world's increasingly inquisitive intelligence agencies — has revealed that it handed over 15 bitcoins (about $6000/£4000) to stop a Distributed Denial of Service (DDoS) attack

ProtonMail says it won't ever again pay ransom to DDoS blackmailers (Graham Cluley) A couple of days ago, on the blog where it is documenting its fight against DDoS attackers, secure email service ProtonMail explained that it had paid a $6000 ransom to attackers

Ransomware Now Gunning for Your Web Sites (KrebsOnSecurity) One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user's documents and files with very strong encryption

The kernel of the argument (Washington Post) Fast, flexible and free, Linux is taking over the online world. But there is growing unease about security weaknesses

Google says 19,000 organizations are trying or using Android for Work, but security questions linger (FierceMobileIT) Google has announced plans to push updates to Android for Work based on the latest iteration of its mobile OS, Android Marshmallow

The Top 5 Data Breach Vulnerabilities (Forbes) In previous blogs I've focused on some very specific data breaches and specific defense mechanisms. I often find CEOs, particularly owners of small businesses, who don't know how to approach security, or even if they have a firewall in place

Security Like the Dickens (PYMNTS) With the holiday shopping season upon us and projections for consumer spending looking rosy, retailers are certainly keeping a keen eye on security issues that could shake consumer confidence and cut into profits

Bulletin (SB15-313) Vulnerability Summary for the Week of November 2, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Advantech Clears Hard-Coded SSH Keys from EKI Switches (Threatpost) Critical industrial switches used worldwide for automation contained hard-coded SSH keys that put devices and networks at risk

First update for Windows 10 may come next Patch Tuesday (FierceCIO) Microsoft released a new build for Windows 10 Insider testers that could signal an impending update for the new OS

Cyber Trends

The rise of the hacker (Economist) Computers are not great for storing secrets

Ovum: Data Breaches Offer a Good Case for Cloud Security (Infosecurity Magazine) Despite cloud security fears, the ongoing epidemic of data breaches is likely to simply push more enterprises towards the cloud

States' Cyber Security Readiness Presents "Grim Picture" Pell Study Finds (Dark Reading) Just eight states of 50 fared decently in a Pell study on their preparedness to deal with current and emerging cyberthreats

Is The United States Prepared For A Massive Cyberattack? (National Geographic) No, says broadcast journalist Ted Koppel, in a new book that explains why the Internet is potentially a weapon of mass destruction

Cyber-criminal sphere a serious threat for SA (Business Day Live) Last year, SA had the most cyber attacks of any country on the continent. In 2014, losses from cyber crime reached an estimated R5bn annually

Marketplace

What The Boardroom Thinks About Data Breach Liability (Dark Reading) Most public companies subscribe to cybersecurity insurance of some sort, and 90% say third-party software vendors should be held liable for vulnerabilities in their code

Inside the economics of hacking (Washington Post) Imagine getting $1 million for finding a security weakness in a mobile operating system

FireEye: Is the Selling Deluge Overdone? (Motley Fool) The rapidly growing cybersecurity company missed expectations on a key metric and lowered full-year guidance. Did investors overreact in the ensuing sell-off?

FireEye: Growing Competition In Sector Dims Flame (Seeking Alpha) FEYE's lowered billings guidance for the fourth quarter a sign that growing competition in the sector is slowing growth

FireEye's Stock Is Collapsing for One Key Reason (DCInno) Mandiant, an Alexandria, Va.-based cyber forensics company that was acquired in January 2014, may be at the heart of FireEye's (FEYE) recent stock woes, according to FBR Capital Markets analysts

FireEye +6.2%; CEO, CFO buy shares following plunge (Seeking Alpha) CEO Dave DeWalt bought 22.5K shares earlier today. CFO Michael Berry bought 13.5K shares

FireEye Earnings Illustrate Why You're More Secure With HACK (Seeking Alpha) FEYE showed why owning a single cyber security stock is high risk

Is The Party Over For CyberArk? (Seeking Alpha) CyberArk continues to outshine sector peers with strong earnings and free cash flow generation

Moodispaw's legacy guiding KEYW as it looks to grow (Baltimore Sun) When Leonard Moodispaw died in June, KEYW Corp. lost not just its top executive, but its founder and visionary — the brains behind its Margaritaville-inspired spin on federal contracting

TalkTalk boss Dido Harding set to reassure on cyber attack (Express) TalkTalk chief executive Dido Harding will issue a fresh apology to customers affected by the cyber attack on the telecoms group this week when she unveils its first-half results

Microsoft Goes For Another Israeli Security Firm Buying Secure Islands (TechCrunch) Israel is a small country with a thriving security startup industry, and Microsoft appears to have a taste for them. Today it announced an agreement to buy Secure Islands, its third Israeli security firm in the last year

Source: Blue Coat is buying cloud security startup Elastica for more than $300M (VentureBeat) Blue Coat Systems, a security vendor owned by Bain Capital, is acquiring Elastica, a startup that detects potentially dangerous use of cloud applications

CSC US Govt-SRA Combination Unveils Business Plan, Exec Team & Board to Investors (GovConWire) The company being formed out of Computer Sciences Corp.'s (NYSE: CSC) U.S. government business and SRA International has revealed more details of its business plan in Wednesday filings with the Securities and Exchange Commission and a presentation to investors in New York held Thursday

Intel Security Confirms Divestiture Of McAfee NGFW, Firewall Enterprise Businesses In Memo To Partners (CRN) Intel Security for the first time confirmed its divestiture of its McAfee Next-Generation Firewall and McAfee Firewall Enterprise businesses in a memo to partners Wednesday evening

Products, Services, and Solutions

Airbus Defense Cuts Keys To Lock Up Cyber Security (Aviation Week) As combat aviation evolves, the plethora of sensors and subsystems fielded on individual platforms increases

Sophos Launches Security Heartbeat To Bring Together Network, Endpoint Capabilities (CRN) Sophos is launching a new technology Monday that synchronizes threat intelligence and automation across endpoint and network levels

Microsoft may have the most secure smartphone OS in Windows Phone (Neowin) Low sales, stagnation, a formidable app gap and lack of popular features. These are just some of the accusations levied against Windows Phone but Microsoft may have at least one thing going for it in the mobile department: security

Avast says its mobile anti-theft app can now withstand a factory reset (Stuff) And guess who scares us more than cyber criminals when it comes to the naughty stuff on our phones?

TrapX CEO on the art of deception in cyber security (Computer Business Review) C-Level Briefing: Deception technology firm boss explains why ancient tactics apply in the modern age

CloudFlare Supplies Security At Network's Edge (InformationWeek) CloudFlare is a startup that has invested in security-as-a-service, and distributes it with a low latency to the edge of the network. Microsoft, Google, and others have taken notice

Symantec Offers Tailored Threat Intelligence For Businesses (TechWeek Europe) Know thy enemy. Symantec service gives businesses answers to specific questions to improve cyber defences

Technologies, Techniques, and Standards

DNS Reconnaissance using nmap (Internet Storm Center) In a penetration test (PenTest) a thorough reconnaissance is critical to the overall success of the project

3 Warning Signs Of A Breach — What Security Teams Should Be Looking For (TechCrunch) Every company struggles to allocate security resources. It's not that security pros don't have the tools to improve their risk postures — it's that they don't have the time

Internet of Things: Security, Compliance, Risks and Opportunities (Business.com) The Internet of Things (IoT) is pushing an information-driven shift to connected devices in the enterprise world at large

Why Depending on Cyber Risk Assessments is a Risk (SecurityWeek) Just this past week, a recent study hit the news that concluded — as many studies have before it — that the Transportation Security Administration (TSA) is fundamentally not effective at making air travel more secure in a post-9/11 world

What Flu Season Can Teach Us About Fighting Cyberattacks (Dark Reading) Cybersecurity doesn't have to be an arms race towards complexity if we put people front and center of the solution

Design and Innovation

The Future of Passwords Isn't Just Biometric, It's Behavioral (Inverse) Even fingerprints and eyeballs can be hacked. Replicating interactions, however, is nearly impossible

Google Just Open Sourced TensorFlow, Its Artificial Intelligence Engine (Wired) Tech pundit Tim O'Reilly had just tried the new Google Photos app, and he was amazed by the depth of its artificial intelligence

EMV's Real Disruption Is for Online Payments (Payments Source) The EMV deadline has come and gone, and customers and retailers alike are realizing that they need to understand and adapt to the new payment reality both online and offline

Crowdsourced Threat Intelligence: A paradigm shift in Cyber Security (Imperva) What is common between your traffic data, music playlists, and news feeds today?

Legislation, Policy, and Regulation

My work at GCHQ and the surveillance myths that need busting (Guardian) Many words about GCHQ have appeared over the last two years — but rarely have they been GCHQ's own words

EU says negotiations for 'Safe Harbor 2.0' must be complete by January, reminds US of downgraded data protection status (FierceCIO) Switzerland, Canada, Argentina, the Bailiwicks of Guernsey and Jersey, and the Isle of Man are all states better than the U.S. at protecting the data of European citizens

US must make next move on Safe Harbor (IDG via CSO) The European Union expects the U.S. to make the next move in negotiating a replacement for the Safe Harbor Agreement

Japan to heighten cyber security (Daijiworld) Prime Minister Shinzo Abe on Friday said Japan will take all possible measures to heighten computer security ahead of next year's G-7 summit and the Tokyo Olympics in 2020

Japan Its Own Enemy in Push to Improve Cybersecurity (ABC News) Apart from rogue hackers, criminal organizations or even state-backed cyberwarfare units, Japan's businesses and government agencies are facing a unique cybersecurity foe: themselves

Opinion: Will TPP undermine the global Internet? Read this before you decide (Christian Science Monitor Passcode) Now that the White House has released the controversial Trans-Pacific Partnership text, critics and proponents alike can have a more informed discussion about its effect on the Open Internet

Legal scholars set guidelines for cyber skirmishes in Tallinn Manual (Pittsburgh Tribune-Review) After President Obama publicly blamed North Korea for a computer attack on Sony Entertainment and vowed the United States would respond in some fashion, that country's Internet service went out for more than nine hours

U.S. Sets Precedent on Dealing With Cyberattacks (Government Technology) After the cyberattack on Sony Pictures, the Obama administration's set of responses has been dubbed the "Cyber Monroe Doctrine"

NSA discloses most security flaws, but that's not the whole story (Engadget) The National Security Agency is opening up a bit about how it discloses security exploits… though not by much

DoD issues cyber-risk memo for weapons-buying (C4ISR & Networks) The Defense Department's acquisition chief is targeting the integration of cybersecurity into military acquisition, recently issuing new guidance that revises existing policies and emphasizes information assurance and systems resiliency

Hacked Opinions: The legalities of hacking — Lisa Berry-Tayman (CSO) Lisa Berry-Tayman talks about hacking regulation and legislation

Hacked Opinions: The legalities of hacking – Sol Cates (CSO) Sol Cates, from Vormetric, talks about hacking regulation and legislation

Litigation, Investigation, and Law Enforcement

Websites can keep ignoring "Do Not Track" requests after FCC ruling (Ars Technica) Petition to impose Do Not Track requirements rejected by commission

GCHQ and NCA join forces to police dark web (ComputerWeekly) GCHQ and the National Crime Agency are to track down paedophiles and serious online criminals by using the techniques and expertise used to find terrorists

Man charged for bogus tweets that sent stocks plummeting (Naked Security) A Scottish citizen was indicted on Thursday by a federal grand jury in San Francisco for allegedly using Twitter to spread disinformation, causing the stock prices of two companies to plummet

Teen arrested over TalkTalk cyber attack sues papers for alleged privacy breach (Belfast Telegraph) A Co Antrim schoolboy arrested over the cyber attack on TalkTalk is suing three national newspapers for alleged breach of privacy, it has emerged

VW Ingenieure schummelten aus Angst vor Winterkorn — VW Engineers Cheated! (Supply Chain 24/7) Several Volkswagen engineers have admitted manipulating carbon dioxide emissions data because goals set by former Chief Executive Martin Winterkorn were difficult to achieve

EMC, hospital to pay $90,000 over stolen laptop with medical data (IDG via CSO) The theft of the laptop from an employee of EMC goes back to 2012

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

Upcoming Events

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself on being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

Data Privacy, Data Security, and Business Risks — What Lawyers Should Know (Baltimore, Maryland, USA, November 12, 2015) Continuing Legal Education presented by the Baltimore Bar Association. The sessions will include "An Overview of Data Privacy Laws Issues for Lawyers," "Obligations to Keep Data Secure" "Cyber Insurance"...

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

Pen Test Hackfest Summit & Training (Alexandria, Virginia, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications (Central Maryland, USA, November 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set...

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions
