Daily briefing.

Iranian cyber operators continue to probe US networks with social-media enabled espionage attempts against the State Department.

In Southwest Asia, Turkish hacktivists express their support for Turkey's downing of a Russian combat aircraft along the Syrian border with a takedown of the Russian Central Bank website. (Russia's President Putin has called Turkey a de facto ally of ISIS.)

And north, in the Caucasus, cyber-rioting flares up as Armenian hackers steal bank info from Azerbaijan.

Investigations into the Paris attacks continue, as do inquiries into ISIS recruitment, which seems very much a friends-and-family affair, despite widespread legitimate concern over ISIS's mass appeal.

The Anonymous war on ISIS appears to be fizzling out, despite ongoing media speculation about how the hacktivist collective could degrade jihadist command-and-control. Observers express skepticism that taking down ISIS sites will help much: one might look to China's Great Firewall (recently bulked up to block VPN use in the hinterlands) as a cautionary example of how effective that approach can be.

The crypto debates continue, post-Paris.

Pearson VUE's Credential Management System has been compromised through a third party, and malware injected into the system. It's been taken offline pending remediation.

The eDellroot self-signed certificate issue attracts more scrutiny. Criminals are expected to seek to exploit corporate users first, and the vulnerability raises the general risk of man-in-the-middle attacks for everyone, whether they're working on a Dell or not. There are also other problematic certificates in the machines: Duo Security has found two.

Crimeware infestations surge as the holidays arrive.


Today's issue includes events affecting Armenia, Australia, Austria, Azerbaijan, Belgium, China, European Union, France, Germany, India, Iran, Iraq, Italy, Malaysia, Russia, Syria, Taiwan, Turkey, United Kingdom, United States.

As we celebrate Thanksgiving, the CyberWire will not publish this Thursday or Friday. We'll resume normal publication on Monday, November 30. Best wishes for the holiday.

Cyber Attacks, Threats, and Vulnerabilities

Iranian Hackers Attack State Dept. via Social Media Accounts (New York Times) Four months after a historic accord with Tehran to limit its atomic ambitions, American officials and private security groups say they see a surge in sophisticated computer espionage by Iran, culminating in a series of cyberattacks against State Department officials over the past month

Turkish Attackers Shut Down Russian Central Bank Website (Hack Read) Turkish hackers just took down the official website of Russian Central Bank amid tension near Syrian-Turkey border

Armenian Group Hacks Azerbaijan Central Bank, Leaks A Trove of Data (Hack Read) The cyber war between Armenians and Azerbaijani hackers is never ending — like in this recent cyber attack in which the Armenian hackers leaked a trove of data containing banking details of Azerbaijani citizens

Official: Paris attacks organizer was planning more carnage (USA Today) The man believed to have planned the Nov. 13 Paris attacks that killed 130 people and wounded hundreds more had likely planned to carry out another suicide bombing days later in the French capital's business district, the Paris prosecutor said Tuesday

Expert: Friends Recruit Most Islamic State Fighters (ABC News) Three-quarters of those who become foreign fighters for the Islamic State extremist group are recruited through friends and 20 percent through family members, a terrorism expert said Tuesday

"Before they were jihadists, they were French kids:" France's new existential threat (Quartz) There is a new and chilling element to the terror threat in France, French terrorism experts say: suicide bombers

Did Anonymous Just Save the World from ISIL? (War on the Rocks) Last week, a new cyber front emerged in the war against the Islamic State in Iraq and the Levant (ISIL)

Credential manager system used by Cisco, IBM, F5 has been breached (Help Net Security) Pearson VUE, a provider of computer-based assessment testing for regulatory and certification boards, has announced that its Credential Manager system (PMC) has been compromised by an unauthorized third party with the help of malware

Public Statement Regarding Pearson Credential Manager System (Pearson) We recently were made aware that an unauthorized third party placed malware on Pearson VUE's Credential Manager System—which is used by adult learners to support professional certifications and licenses. The unauthorized third party improperly accessed certain information related to a limited set of our users

Cisco Cert Tracker Offline After Pearson VUE Breach (Dark Reading) Third-party certification credential manager used by Cisco and others is taken down after malware infection

Vulnerability Note VU#870761: Dell Foundation Services installs root certificate and private key (eDellRoot) (US-CERT) Dell Foundation Services installs the eDellRoot certificate into the Trusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks, resulting in the exposure of sensitive information

Additional Self-Signed Certs, Private Keys Found on Dell Machines (Threatpost) eDellroot is not the only self-signed trusted root certificate on Dell computers

Dell's security-shattering PC root certificate debacle: What you need to know (PC World) The full scope of the incident is still unclear, but there's a removal tool available

Dell Promises To Kill Dangerous Security Certificate It Shipped On PCs (Forbes) Dell has today decided to remove a certificate that was supposed to provide security and assistance to its PC owners, after it was heavily criticised for actually placing users in danger

Response to Concerns Regarding eDellroot Certificate (Direct2Dell) Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability

Dell's 'apology' for eDellRoot fails to say sorry for putting your security at risk (Graham Cluley) Maybe it's just me, but I think it's important to actually say "sorry" sometimes

Peering Into GlassRAT: A Zero Detection Trojan from China (RSA) RSA Research has discovered a "zero detection" Remote Administration Tool (RAT) dubbed GlassRAT, signed with a certificate which appears to have been misappropriated from a popular software developer in China

GlassRAT linked to earlier geopolitical malware campaigns (Graham Cluley) Security researchers at RSA have discovered that the GlassRAT remote administration trojan (RAT) might have been in the same command and control (C&C) infrastructure shared in geopolitical malware campaigns observed earlier this decade

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware (Threatpost) In short order, the newest version of Cryptowall has begun showing up in exploit kits

Is a software company the next step in the advancement of ransomware? (SC Magazine) Since other malware types have a presence that is immediately noticeable, ransomware is said to be the first problem child piece of malware.

DRIDEX Spam Runs Resurface Against US Targets (TrendLabs Security Intelligence Blog) DRIDEX is steadily regaining its footing in the US just over a month after its takedown orchestrated by US and UK law enforcement agencies

Researchers poke hole in custom crypto built for Amazon Web Services (Ars Technica) Even when engineers do everything by the book, secure crypto is still hard

s2n and Lucky 13 (Amazon Web Services Security Blog) Great security research combines extremely high levels of creativity, paranoia, and attention to detail. All of these qualities are in evidence in two new research papers about how s2n, our Open Source implementation of the SSL/TLS protocols, handles the Lucky 13 attack from 2013

Inside TDrop2: Technical Analysis of new Dark Seoul Malware (Palo Alto Networks) Palo Alto Networks recently identified a new campaign targeting the transportation sector in Europe with ties to the Dark Seoul and Operation Troy campaigns that took place in 2013

This gizmo knows your Amex card number before you've received it (IDG via CSO) American Express appears to have used a weak algorithm to generate new card numbers

Bluebox Study Finds Security Flaws In 5 Popular Payment Apps (Dark Reading) Lack of security combined with increased mobile use this holiday season sets stage for mobile breach

'Tis the Season to Risk Mobile Payments (Bluebox) The holiday shopping season has arrived and with increasing popularity of mobile payment apps from Apple Pay to Venmo, consumers are using their mobile devices more than ever to spend and send money

Stealthy ModPOS Is 'Most Sophisticated PoS Malware' Ever (Dark Reading) More than just a point-of-sale card scraper, it's modular malware, and every module is a rootkit

Cyber Monday: What Retailers & Shoppers Should Watch For (Dark Reading) Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach

Which Damaged National Security More: the OPM Data Breach or Edward Snowden? (Overt Action) In late September, the Office of Personnel Management (OPM) announced it had significantly underestimated the number of fingerprints stolen in last spring's massive data breach

The Sony Hack One Year Later: Just Who Are The Guardians Of Peace? (Deadline) It was the most devastating cyber-crime ever committed against an American corporation, and its repercussions are still being felt not only in Hollywood but across the country and around the world

Leaked Data Search Engines Flood Chinese Cyber Underground (Infosecurity Magazine) The Chinese cybercrime underground has evolved to feature search engines to help darknet users find leaked data, and ATM and POS skimmers to capitalize on the growing consumer trend for non-cash payments, according to Trend Micro

Chinese underground leads the world in cyber criminal innovation (ITWire) Two years ago, the last research report by Trend Micro on the bustling Chinese underground saw compromised hosts, DDoS attack tools services, and remote access Trojans (RATs) being sold

Hilton Hotels admits hackers planted malware and stole customer card details (Graham Cluley) This evening Hilton Worldwide issued a statement confirming rumours that have swirled around for the last couple of months, stating that malware had found its way onto point-of-sale systems and stole payment card information

Facebook 'Most Used Words' game accused of stealing and selling user data (Naked Security) Do you know what words you use most on Facebook?

Security Patches, Mitigations, and Software Updates

Lenovo Patches Vulnerabilities in System Update Service (Threatpost) Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to Windows SYSTEM user

Network protocol analyzer Wireshark 2.0 released (Help Net Security) Wireshark, the most popular network protocol analyzer, has reached version 2.0. It features a completely new user interface which should provide a smoother, faster user experience

Yahoo blocking email access to those who block adverts (Graham Cluley) Over the 2013/2014 new year period, Yahoo was found to be pushing malware onto hundreds of thousands of internet users every hour in the form of poisoned adverts

Cyber Trends

Cyber-terror: How real is the threat? Squirrels are more of a danger (Register) No, go ahead, let's spend billions worrying about an iPearl Harbor

The Youthful Side Of Hacking (Dark Reading) If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?

Good news for security leaders on breach preparedness efforts (CSO) Good news for security leaders on their breach preparedness efforts with pointers on where to focus for further gains

Mega breaches having little influence on IT priorities (ZDNet) 451 Research survey shows IT project plans lightly influenced by breaches despite concerns about hackers, crackers with malicious intent

Navigating the internet of security nightmares (Technology Spectator) As recently as ten years ago, IT security was an afterthought in the lifecycle of software development with security features often only added after a vulnerability was exploited and it caused meaningful disruption

Remote working on the rise despite security concerns (Help Net Security) Remote working is increasing in popularity as 96 percent of surveyed organisations now permit remote/mobile working, with 98 percent stating that it is advantageous to their organisation, according to Vanson Bourne


Handicapping Enterprise Security Vendors (Network World) Huge opportunity for enterprise security leaders to become multi-billion dollar businesses over the next few years

IBM's CEO On Hackers: 'Cyber Crime Is The Greatest Threat To Every Company In The World' (Forbes) The British insurance company Lloyd's estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business

Symantec sharpens security arsenal (Business Spectator) Symantec is about to start life as a stand-alone cybersecurity vendor early next year and the company's global CEO, Michael Brown, is confident its burgeoning coffers and a razor-sharp focus in the enterprise space gives it the ammunition to shake up the market

FEYE Stock: Is FireEye a Screaming Bargain? (InvestorPlace) Don't assume that gains for FireEye stock last week mean that FEYE will keep going higher

FireEye — Ninja of Incidence Response (Computerweekly) When a bank is attacked by armed robbers intent on stealing money, public sympathy is with the bank

NCC Group makes £93.5m swoop for Netherlands cyber security firm (Manchester Evening News) Technology firm NCC Group is making its mark in the Netherlands after agreeing to a £93.5m deal to acquire high-end cyber security firm Fox IT

Covata Attracts New Investment from Fidelity International (Yahoo! Finance) Covata Limited (Covata or the Company) has entered into a binding agreement for an Institutional Equity Placement with Fidelity International

Startup Fortscale Updates Security Suite, Banks $16M in VC (eWeek) Fortscale's user behavior analytics software can identify and eliminate insider threats by using machine learning, analytics capabilities and context-based alerting

Tor Turns To Crowdfunding To Lessen Its Dependence On Government Money (TechCrunch) Tor, the network that facilitates hidden communications and secure Internet activity, has begun accepting donations in a move aimed at lessening its financial dependence on the U.S. government

NJIT Presents Comodo with NJTC Outstanding Technology Development Award (New Jersey Institute of Technology) For the 19th consecutive year, the NJ Tech Council (NJTC) hosted an awards celebration to recognize and celebrate tech and life sciences companies for their accomplishments in leadership, collaboration and innovation

ThreatConnect named a 2015 Red Herring 100 Global award winner (ITWeb) Security's leading threat intelligence platform snags second prestigious Red Herring Award in 2015

RedSeal Selected as a 2015 Red Herring Top 100 Global (Marketwired) RedSeal, the cybersecurity analytics company, today announced it has been selected as a 2015 Red Herring Top 100 Global winner for its work helping organizations maximize digital resilience against cyber events

Sean Tierney to lead threat intelligence at IID (SC Magazine) Sean Tierney, a former Morgan Stanley cyberdefense expert, is the new vice president of threat intelligence for IID, a Tacoma, Wash.-based cybersecurity company

Products, Services, and Solutions

"The Keypasco mobile security App enhances our ability to compete," states HuaNan Commercial Bank's President Mr. Bruce L. Y. Yang. (Keypasco) HuaNan Commercial Bank (HNCB) is very satisfied with the Keypasco authentication solution on mobile phone for the bank's Internet banking and mobile banking service

Secure Wi-Fi: The Fortinet way (Wireless Watch) No longer is Wi-Fi the weakest link in your network

Irwin Mitchell Selects Darktrace to Deliver Best-of-Class Cyber Security (BusinessWire) Leading UK law firm uses Enterprise Immune System for early threat detection

Technologies, Techniques, and Standards

Data Integrity (National Institute of Standards and Technology (NIST)) Constant threats of destructive malware, malicious insider activity, and even honest mistakes create the imperative for organizations to be able to quickly recover from an event that alters or destroys data

New Bank Examination Procedures for Cybersecurity (JDSupra) There is no more pressing problem facing business organizations today, of all types, than cybersecurity threats. For a highly regulated industry like banking, regulators are watching closely to see how the IT governance structure at a bank can manage this risk

FFIEC Information Technology Examination Handbook: Management (Federal Financial Institutions Examination Council) The "Management" booklet is one of 11 booklets that make up the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook)

Bloggers Put Bounty on DDoS Extortionists (Softpedia) Site owners decide to go after DDoS attackers instead of filling their pockets

Five Questions to Ask when Considering Cyber Threat Intelligence (SecurityWeek) Traditional defenses have proven insufficient in protecting organizations from adversaries who are increasingly exploiting the digital shadows of organizations to launch targeted attacks

Lessons learned from the Adobe data breach (TechTarget) Adobe CSO Brad Arkin spoke at the recent Privacy. Security. Risk. 2015 event about his experiences dealing with the company's massive data breach two years ago

Un-hack me: Tips for staying cyber-safe at Thanksgiving (CNBC) Since hackers won't be taking Thanksgiving off, holiday travelers cannot afford to slip into bad habits

Facebook Friend Request — Know your Enemy (Check & Secure) Sometimes identity theft is very complicated

Design and Innovation

VW's Slow Agony Illustrates Carmakers' Problem With Software (IEEE Spectrum) Behind the bit-by-bit revelations of Volkswagen's emissions-cheating scandal lies a larger problem: old-line carmakers are increasingly out of their element in a software-driven manufacturing world, aka the Internet of Things

Research and Development

China Working on Its Own Secure Smartphone for Government Officials (Hack Read) China is working on developing its own smartphone for government officials to avoid snooping from the enemy side

Legislation, Policy, and Regulation

India and Malaysia sign cyber-security pact (First Post) India and Malaysia signed three agreements on cyber-security, cultural exchange and infrastructure development on Monday, the third day of Prime Minister Narendra Modi's visit to this southeast Asian nation

China Punishes VPN Users In Its Rural Northwest By Cutting Their Mobile Service (TechCrunch) China's crackdown on VPNs, software that enables Internet users to circumvent the country's web censorship, continues unabated after the New York Times reported that VPN users in one part of the country had their mobile service cut entirely

Shutting Down Jihadist Websites Won't Stop Terrorism (Atlantic) Censoring the web isn't just illiberal — it's bad policy

The current wave of data protection regulations and how it will affect the infosec industry (Help Net Security) In 2016, the EU is set to review the next draft of The Network and Information Security (NIS) 'cybersecurity' directive which will bring new compliance requirements into place, not just for EU companies but all companies who deal with EU consumer data

5 things we learned from inside the U.S. intelligence war (CNN) In the wake of the attacks in Paris, the world's attention has refocused on terrorism, and in the U.S., conversations about national security have increased in both frequency and force

A Practical Guide To The Encryption Debate: A Failure Of Analysis Not Encryption (Forbes) Lost in all of the heated rhetoric and sensationalized headlines about the future of encryption over the past year is the pragmatic reality of what options are realistically possible and what might be their unintended impacts

An encryption back door won't actually help intelligence agencies (CSO) Intelligence and law enforcement agencies in the United States have escalated the fight for a back door in encryption algorithms in the wake of the recent attacks in Paris

The Paris Attacks Were Tragic, but Cryptography Isn't to Blame (Yahoo! Tech) We have met the enemy, and it is math

John Bansemer Nominated to ODNI Partner Engagement Assistant Director Post (ExecutiveGov) Air Force Maj. Gen. John Bansemer, deputy chief of the central security service at the National Security Agency, has been nominated to the role of assistant director of national intelligence for partner engagement

Litigation, Investigation, and Law Enforcement

FBI has lead in probe of 1.2 billion stolen Web credentials: documents (Reuters) A hacker who once advertised having access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N) has been linked through a Russian email address to the theft of a record 1.2 billion Internet credentials, the FBI said in court documents

Facebook deals with more EU privacy battles, this time in Austria (Silicon Angle) Facebook has been fielding accusations of privacy violations in the European Union for some time now, and the social media giant is currently fighting a legal battle in Belgium over how it tracks non-users with cookies

TalkTalk hack: Llanelli man arrested and bailed (BBC) An 18-year-old who became the fifth person to be arrested in connection with an alleged data theft from TalkTalk has been released on bail

Cold War spy Ronald Pelton freed from federal custody (Stars and Stripes) A former National Security Agency employee convicted of selling defense and communication secrets he gained during his career has been released from federal custody 30 years after his arrest

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...

IoT Security Foundation Conference (London, England, UK, December 1, 2015) This is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of...

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices...

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most...

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference...

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network...

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise...

Cyber Security Breakdown: Washington DC (Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Cyber Security Exchange (Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.
