Daily briefing.

Lawfare reads ISIS's online magazine and discerns in the group's information operations an oddly Trotskyite intention: worsen conditions and heighten contradictions, thereby bringing about not the revolution, but a worldwide Caliphate.

An Anonymous group takes a poke at ISIS by defacing an ISIS website with a bogus Viagra ad. (Higher priorities, however, engage the hacktivist collective: punishing Iceland in cyberspace for Icelandic whaling.) Pro-ISIS hackers deface a Wisconsin county's veterans' services page with a perfunctory Islamist message.

Iran's foreign ministry denies anything to do with hacks of the US State Department, but says the US deserved them anyway.

Cyber-rioting between Indian and Pakistani hacktivists continues.

Toy maker VTech has been breached, and customer data lost.

The Encoder ransomware family continues its spread through Linux servers, with an odd promise to victims: if you're in Russia or the Commonwealth of Independent States (that is, the friendlier or more frightened precincts of the Near Abroad), the criminals are sorry and will decrypt your files at no charge to you.

iSight describes the ModPOS point-of-sale malware as unusually dangerous and stealthy. Some agree, but others (notably Verizon) remain skeptical, so the jury's still out.

LANDESK reports a breach that exposed employees' personal information, but some insiders hint the threat may be broader.

Analysts warn that medical devices are soon likely to be targets of new attacks, including ransomware.

Industry digests news that cyber security will now affect credit ratings.

NSA stopped bulk collection of phone records Sunday. Many policy wonks already miss it.

Notes.

Today's issue includes events affecting Australia, Armenia, Azerbaijan, Belarus, Belgium, Bulgaria, Canada, China, Czech Republic, European Union, France, Iceland, India, Iran, Iraq, Kazakhstan, Democratic People's Republic of Korea, Republic of Korea, Kyrgyzstan, Moldova, Pakistan, Russia, Singapore, Sweden, Syria, Tajikistan, United Kingdom, United States, Uzbekistan, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

What Does ISIS Really Want Now? (Lawfare) In the latest issue of Dabiq, ISIS's on-line magazine, the organization sets forth two principal but contradictory goals, which it labels "options"

Pro-ISIS Group Hacks Richland County Veterans Services Website (Hack Read) It seems that Richland County, Wisconsin, is the new victim of the pro-ISIS hackers as Team System DZ hacked three of the county's domains this Sunday

Anonymous Hacks ISIS Website, Defaces it with Viagra Ad (Hack Read) Just a week after the news of ISIS moving their online operations to the dark web, one of their main websites has been taken down by Ghost Sec hackers who have been in a relationship with the Anonymous group

Anonymous Crushes Almost Every Iceland Govt Site Against Whale Slaughter (Hack Read) Anonymous kick-started the operation #OpWhales and shut down almost all the Iceland government websites for about 13 hours as a protest against the whaling practices in Iceland

Iran dismisses cyber attack on U.S. (Tehran Times) Foreign Ministry spokesman Hossein Jaber Ansari has dismissed claims that Iran has made cyber attacks on the United States State Department

Indian group hacks into Pakistan websites, post patriotic messages as 'payback' for 26/11 (Firstpost) The group, identified as Team Indian Black Hats, hacked into Pakistani websites, including a high profile Pakistan government website

MP cop portal falls to Pak hackers (Times of India) A portal of Madhya Pradesh police was hacked for the third time by Pakistani hackers

On China's fringes, cyber spies raise their game (Reuters) Almost a year after students ended pro-democracy street protests in Hong Kong, they face an online battle against what Western security experts say are China-sponsored hackers using techniques rarely seen elsewhere

Vtech breached, customer data stolen. Change your password now! (Naked Security) What's worse than a data breach of your personal data?

Data breach at Hong Kong toy maker VTech highlights broader problems (Reuters via Business Insurance) The theft of toy maker VTech Holdings Ltd.'s database highlights a growing problem with basic cyber security measures at small, nonfinancial companies that handle electronic customer data, industry watchers said on Monday

Linux crypto ransomware continues to wreak havoc, but there's some good news (Help Net Security) Trojan Encoder crypto ransomware family, whose main targets are web servers running on Linux, is obviously making quite a splash

Plusnet ignores GCHQ, spits out plaintext passwords to customers (Register) At least we don't email them, says security-shy telco

GPS faker software broadcasts spam across thousands of fake profiles (Help Net Security) Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your social network

Cybersecurity experts warn about ModPOS malware aimed at retailers (Los Angeles Times) Just as millions of Americans are steeling themselves for the holiday shopping season, cybersecurity researchers are warning about a stealthy malware aimed at stealing credit card and debit card numbers from retailers

Cash-register malware is the 'most complex ever seen' (Engineering and Technology) The most complex ever point-of-sale malware capable of stealing credit card details through infected payment terminals has been discovered by American cyber-security researchers

Purported Stealthy POS Malware Threatens Retailers, Stirs Controversy (eWeek) Security firm iSIGHT Partners warns retailers that a silent thief may be in their point-of-sale systems, an assertion that at least one other security firm disputes

Breach at IT Automation Firm LANDESK (KrebsOnSecurity) LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information

Nest refutes webcam spying claims (Naked Security) Home surveillance manufacturer Nest has dismissed reports of secret surveillance by its internet-connected Nest Cam

Welcome to the Internet of stupid (hackable) things (CIO) The rise of IoT technology brings with it the promise of innovation the likes of which we've never seen. But the reality of everything being connected can have unintended consequences, not all of them useful

Hacking Health Care: When Cybersecurity Can Mean Life or Death (National Law Review) Millions of Americans rely on implantable medical devices to stay alive

Report: Ransomware attacks on med devices a real possibility in 2016 (FierceHealthIT) Ransomware will come to medical devices or wearables in 2016, Forrester Research predicts in a new report

Four ways an attacker can infiltrate an organization by diverting security solutions (Help Net Security) Employing one of the many security solutions on the market today does not mean your organization is immune to infiltration — that much is clear from the constant string of hacks making headlines

Tis the season…of malware (CSO) Every year cybercriminals find the time to give out holiday malware. It is their way of giving back to the community, so instead of look out for these pieces of malware coal

Criminal hacking groups in Russia are becoming more like sophisticated corporations (News.com.au) A group of about 20 Russian hackers has fleeced over $1 billion from global bank accounts in the past three years, according to a new report

Bulletin (SB15-334) Vulnerability Summary for the Week of November 16 [sic], 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Lenovo patches serious vulnerabilities in PC system update tool (IDG via CSO) The vulnerabilities could allow attackers with access to limited user accounts to gain administrator privileges

Microsoft offers unwanted-software detection for the enterprise (Computerworld) Sysadmins can now turn on the feature in System Center Endpoint Protection and Forefront Endpoint Protection

Microsoft kills dodgy security certificates (TechEYE) Software giant Microsoft has killed off two dodgy security certificates being used on Dell bloatware

Cyber Trends

Hotel sector faces 'cyber crime wave' (Financial Times) The hotel industry is the next big target for cyber criminals, experts have warned, after Hilton became the fourth major hotel group to have customers' credit card details hacked

Quarter of Brits Would Switch Providers Following a Breach (Infosecurity Magazine) More than two-thirds of consumers would stop using a bank or retailer's web site if the firm suffered a data breach, according to new research from NTT Com Security, which drives home the importance of effective cybersecurity as we head into the busy festive season

Americans worry about online crime, but leave themselves open to attack (SC Magazine) A new Norton by Symantec study found 80 percent of Americans are worried they will be victimized by an online crime, but at the same time consumers are over confident in the belief that their online habits are safe

Healthcare IT and the lack of security hygiene (FierceHealthIT) We've all been there

Report: Cyber Risk, Insider Fraud Major Concerns (InfoRisk Today) Annual survey finds organizations vulnerable to information, IP theft

Southeast Europe — cybercrime's newest scene? (CIO Bulgaria via CSO) Not surprisingly, Bulgarian banks and insurance companies plan to increase spending on security technology

Security organizations issue warnings about Vietnam (VietNamNet Bridge) The reports on internet security released recently by state agencies and security organizations all pointed out that Vietnam is a 'hot spot' around the globe for security problems

Cyber Monday 2015: What we've learned about e-commerce so far (ZDNet) Cyber Monday has kicked off and what's clear so far is that the nuances of e-commerce have shifted a bit from a year ago

Marketplace

Cyberattacks On Firms Posing Credit Risk (CXO Today) Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services

Moody's and S&P warn cyber risks can affect credit ratings — what does this mean to critical infrastructure (Control Global) November 23, 2015, Moody's Investor Services issued the report, "Cyber Risk of Growing Importance to Credit Analysis"

Minimized Risk: Data Security in Industry 4.0 (Poltech) The security of digital data and systems poses a challenge for digitalization in industry. Oliver Narr explains how Siemens deals with it

Cybersecurity start-ups are proliferating, but sorting out what works and what doesn't is tricky (Los Angeles Times) His reputation scorched by Edward Snowden, the former director of the National Security Agency is heading a cybersecurity start-up that aims to short-circuit data leakers, cyber warriors, terrorists and thieves

Cyber security skills gap: 'Pay more and the problem will go away,' says Reuters IT security chief (Computing) The IT security "skills gap" could quickly be narrowed by simply paying security staff more, according to Thomson Reuters' senior information security architect, Andy Boura, speaking on a panel at Computing's Enterprise Security and Risk Management 2015 summit yesterday

BlackBerry quits Pakistan over government surveillance demands (IDG via CSO) BlackBerry said it would stop operations in Pakistan after Nov. 30

Ways $460 million military contract for cyber bombs could attack targets (Computerworld) Defense contractors will compete for a $460 million contract to develop critical infrastructure cyber bombs. The CEO of Indegy provided insight into potential ways cyber weapons could attack targets as well as what can be done to protect against them

Tor looks to reduce dependency on US government money (Naked Security) In an effort to raise money, the Tor Project — the organisation behind the anonymous Tor network and Tor Browser — has started that most modern of whip-rounds; a crowdfunding campaign.

Palo Alto Networks Continues To Capitalize On Growing Cybersecurity Demand (Seeking Alpha) Palo Alto Networks reported a great Q1, reporting record growth levels and healthy financials

Behavioural analytics security firm Fortscale pulls US$16M in pre-B funding (e27) The Israeli security company has headquarters in San Francisco, latest round led by UST Global and CME Venture

A cybersecurity future in Baltimore (Baltimore Sun) Soon enough your blender will be able to communicate when its blades are becoming dull and at the same time instruct you where to go to purchase new ones — at the lowest price, we hope

In cyber attack age, this Australian data security company grows Reston offices (Technical.ly DC) Data security company Covata says having offices close to D.C. is key in their industry

Cymmetria hires former U.S. government cyber official Jim Christy (Reuters) Computer security startup Cymmetria has hired a well-known retired U.S. government computer-forensics expert, Jim Christy, as vice president of investigations and digital forensics

Fortinet hires Intel Security CTO Tyson Macaulay (Infotech Lead) Cyber security solutions provider Fortinet today announced the appointment of Intel Security CTO Tyson Macaulay as chief security strategist and vice president of consulting services

Products, Services, and Solutions

Walmart spied on workers' Tweets, blogs before protests (Register) Defence contractor Lockheed Martin provided intelligence services before Black Friday

Think you know what's going on your network? You probably don't, warns Darktrace's Steve Soar (Computing) Organisations are out-of-touch over the level of activity on their networks, both in terms of the end points and other devices connected to it, as well as potentially malicious activity that could be indicative of an attack or other unauthorised access

Technologies, Techniques, and Standards

Seven Tips to Protect Your Computer Online (IRS Security Awareness Tax Tip Number 1) The Internal Revenue Service, the states and the tax industry urge you to be safe online and remind you to take important steps to help protect yourself against identity theft

What To Do When You Get Hacked: Eight Technology Executives Explain (Forbes) No business ever wants to deal with a hack, but one quick scan of recent headlines shows that cybersecurity is a major issue for companies large and small

TalkTalk Lesson: Prepare for Breaches (BankInfoSecurity) Learning from the telco's mistakes following its latest hack

137 Security Questions Every Leader Should Ask (IBM Security Intelligence) Every organization needs to be thinking about security

What should CISOs include in security reports? (TechTarget) Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting

Three key areas to limit cyber attack liability, says Kemp Little (ComputerWeekly) Identifying the source of the attack, reducing the spread of stolen data and mitigating liability to third parties are key areas businesses should focus on, according to law firm Kemp Little

Cyberwar Part 2: Government Hacks Threaten Private Sector (InformationWeek) When you hear the term cyberwar, you think about threats to government, but private sector companies are also at risk

How to identify and handle potential cloud security breaches (TechTarget) With the increasing popularity of the cloud over traditional data centers, it's important to be aware of some of the potential risks of cloud computing

Can You Trust Your Cloud Vendor's Employees? (InformationWeek) Insider threats run rampant, and cloud customers often find it difficult to pull back the veil and see what their supplier is doing with their data

How Lockheed Martin, Cisco and PWC manage cybersecurity (CIO) Forget systems … it's your own people who are your greatest security threats. Luckily, and with training, they can also be your first line of defense

How Facebook Bakes Security Into Corporate Culture (Dark Reading) Security is everyone's responsibility at the famous social network. These five ingredients are what make up the secret sauce

Design and Innovation

Steganography: How Antonopoulos hid a US$100m transaction in a picture of kittens (Brave New Coin) At the beginning of 2015 the British Prime Minister, David Cameron, asked Barack Obama, the US President, to encourage American Internet companies to work closely with British intelligence agencies

Research and Development

Quantum cryptography: Round-robin with photons (Nature Photonics) Last year the common notion that signal disturbance has to be monitored in a quantum cryptographic link to guarantee secrecy was challenged by a new protocol

Academia

South Korea enlists cyber warriors to battle Kim Jong-un's regime (Independent) In a university 'war room', bright young programmers are taught to become 'white' hackers

Universities steel themselves for wave of cyber attacks (Financial Times) A hacker who brought down the IT systems of Rutgers University this year described the infrastructure as crumpling "like a tin can under the heel of my boot"

Legislation, Policy, and Regulation

Failure to stop Paris attacks reveals fatal flaws at heart of European security (Washington Post) To carry out the attacks that left 130 people dead in Paris this month, the killers relied on a cunning awareness of the weaknesses at the heart of the European security services charged with stopping them

The terrorist in the data (Economist) How to balance security with privacy after the Paris attacks

ODNI Announces Transition to New Telephone Metadata Program (IC on the Record) In January 2014, in a speech at the Department of Justice to address domestic and international concerns regarding U.S. intelligence activities, President Obama announced that the Intelligence Community would end the NSA bulk telephony metadata program conducted under Section 215 of the USA PATRIOT Act

NSA's bulk collection of Americans' phone records ends Sunday (Washington Post) The National Security Agency on Sunday will end its mass collection of data about Americans' phone calls under the Patriot Act, 2 1/2 years after a leak by former NSA contractor Edward Snowden forced the government to confirm its existence

Let's Not Be Too Hasty to Shut Down Big Data Security Sweeps (Newsweek) I must disagree with my fellow liberals. The NSA bulk data shutdown scheduled for tomorrow, Sunday, November 29, is unnecessary and significantly compromises intelligence capabilities

How Obama Unilaterally Chilled Surveillance (Wall Street Journal) An executive order that encourages a risk-averse approach to intelligence

After Paris, US Political Shift on Privacy Vs. Security (ABC News) The Paris attacks have renewed debate on the U.S. government's post-Sept. 11 domestic surveillance laws, leading to efforts to revive the issue on Capitol Hill and handing Marco Rubio an opening against Ted Cruz in the Republican presidential race

EU wants to give national privacy regulators more clout in new U.S. data pact (Reuters) The European Union wants to enhance the power of the bloc's national privacy regulators in policing a planned new EU-U.S. data pact after the previous one was struck down by a top EU court on concerns about mass U.S. surveillance

Breach notification the biggest impact of EU data law overhaul, says law firm (ComputerWeekly) The EU data notification law will mean most UK organisations will have to change their approach to data breaches, according to legal firm Olswang

Chinese public security chief heads to US for talks on cybercrime (South China Morning Post) Ministers from both countries to flesh out deal reached in September

Congress struggles to secure nation's power grid (The Hill) Policymakers are searching for ways to defend the nation's power grid from a major cyberattack, amid concerns the industry's digital defenses are dangerously lagging and underfunded

Fort Sill trains soldiers for electronic battle (Military Times) In war-torn eastern Ukraine and Syria, experts say Russian forces are using sophisticated equipment and techniques to shut down battlefield communications, effectively leaving enemy forces blind

When the government really IS here to help with cybersecurity (Naked Security) According to Ronald Reagan, the nine most terrifying words in the English language are: "I'm from the government and I'm here to help"

India, Singapore Agree on Information Sharing (InfoRisk Today) Partnership to set up better incident response mechanism

Litigation, Investigation, and Law Enforcement

FBI Pegs 'Mr Grey' For Heist of 1.2bn Records (Infosecurity Magazine) The FBI appears to be closing in on the identity of a man linked to the biggest data theft ever recorded

FBI Ties Hacker To Whopping 1.2 Billion Stolen Login Credentials (Tech Times) The Federal Bureau of Investigation (FBI) has linked a hacker to the theft of 1.2 billion login credentials

Gas Theft Gangs Fuel Pump Skimming Scams (KrebsOnSecurity) Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam

Police arrest blackmail suspect in TalkTalk data breach case (CSO) This is the fifth arrest in the investigation of the attack on TalkTalk's website

Malware-as-a-service "Fully UnDetectable" operators busted (Naked Security) It's pretty obvious what an anti-virus does

Public private partnership results in arrests of two suspected malware creators (SC Magazine) The reFUD.me malware services website has been taken down thanks to a joint effort between the National Crime Agency and Trend Micro

Wanted teen hacker says it's 'scary' how easily he was able to leave Australia (Australian Broadcasting Corporation) At a time of heightened security fears, a teenage hacker has left authorities red-faced and raised serious questions about border security

Pirate Bay can't be blocked, says Swedish court (Naked Security) You can't force ISPs to block Pirate Bay

Software pirate gets 200k views on ‘public humiliation’ video, evades fines (Naked Security) Congratulations goes out to Jakub F: Between posting his anti-piracy propaganda video on Tuesday and Friday night, he scored 606,224 views

Report: VW execs knew about fuel economy, emissions cheating a year ago (Ars Technica) Fuel mileage issues, not "subdued demand" behind sales halt of VW Polo BlueMotion

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its...

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices...

IoT Security Foundation Conference (London, England, UK, December 1, 2015) This is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of...

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government...

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most...

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference...

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network...

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused,...

Cyber Security Breakdown: Washington DC (Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise...

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns,...

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt?...

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial.

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security...

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add...
