skip navigation

More signal. Less noise.

Daily briefing.

TalkTalk announces lower numbers of affected customers than initially feared when its recent breach was disclosed. British police have arrested a second teenager in connection with the hack, but their motives remain obscure. Naked Security observes that it's tempting in cases like this to jump to the conclusion that the kids did it for the lulz, but there's been enough precocious financial crime to give one pause.

More details emerge in the 000webhost, Mark and Spencer, and Optimal Payment breaches.

A well-crafted, convincing spam campaign is trolling for domain name owners, seeking (as usual) to get them click malicious links. The spam is personalized and warns of imminent suspension.

Adult content continues to be the biggest vector for mobile malware.

CyberX finds a zero-day in Rockwell industrial control products.

Proofs-of-concept demonstrate vulnerabilities in iris-recognition biometric scanners and in browser histories (the latter has been named "Sniffly").

Dridex infections spread as the botnet returns to life.

Researchers publish details of CryptoWall ransomware. Revenue from CryptoWall appears to investigators to be flowing into a single criminal group: the latest version may have netted the crooks some $325 million.

Google demands redress from Symantec over allegedly improperly issued certificates.

Xen patches an old VM escape hypervisor vulnerability.

US CISA legislation continues to draw varying reviews. New surveillance policies are enacted in the UK and EU. (Some of the new European policies seem fairly aggressive.) US NSA Director Rogers calls for more industry cooperation in cyber security, but would rule our privateering in cyberspace.


Today's issue includes events affecting Belgium, China, European Union, France, Germany, Iraq, Lithuania, Syria, United Kingdom, United States.

Dateline CyberMaryland 2015

CyberMaryland 2015: Collaborate, Educate, Innovate (National Cyber Security Hall of Fame and the Federal Business Council) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations

CyberMaryland Day Two (The CyberWire) CyberMaryland 2015's second and final day featured presentations by, and discussions with, innovators in the field of cyber security. We were able to speak at length with five of those innovators. But the day opened with the launch of LifeJourney's and NSA's Day of Cyber educational initiative.

About the NSA Day of Cyber (NSA Day of Cyber) The NSA Day of Cyber is designed to raise the "national IQ" for STEM and CyberScience education paths. NSA is sponsoring the program to introduce and inspire the more than 40 million students in schools and colleges to pursue STEM careers to build the skills that will open up their future and connect them to this in-demand digital workforce

CompTIA Participates in NSA Day of Cyber National Initiative (CompTIA) Leading IT industry association is a national partner in the effort to raise awareness for STEM and cyber education and careers

Cyber Attacks, Threats, and Vulnerabilities

IS exploits Telegram mobile app to spread propaganda (BBC) So-called Islamic State group (IS) has shifted its propaganda distribution to the secure mobile messaging app Telegram from Twitter, where its accounts have been repeatedly shut down over the past year

TalkTalk says around 20,000 bank details accessed in cyber attack (Business Insurance) A cyber attack on TalkTalk Telecom Group P.L.C. accessed the bank details of more than 20,000 customers, the U.K. company said Friday, describing it as a much lower figure than originally feared

Another teenager arrested in connection with TalkTalk hack (Graham Cluley) The hack of telecoms firm TalkTalk dominated the headlines in the United Kingdom last week as the company struggled to respond to accusations that it had dropped the ball (it was the third data breach impacting TalkTalk customers in the last 12 months) and gave customers some poor advice

Second teenager arrested in Talk Talk "breach" — but what was the motive? (Naked Security) There's now yet more mystery in the recent Talk Talk "breach" case

Historic cyber attack hits shares of Optimal Payments (Financial Times) Mobile payments company Optimal Payments revealed details of historic cyber attacks on Thursday after discovering that customers' personal information has been made available for sale

M&S data breach forces retailer to temporarily suspend service (ComputerWeekly) A glitch that allowed online customers to see each others' details forced retailer Mark & Spencer to take its website offline while it resolved the issue

Hackers put up for sale 13 million plaintext passwords stolen from 000webhost (Help Net Security) 000webhost, a popular free web hosting service, has suffered a data breach that resulted in the compromise of the name, email address and plaintext password of some 13 million of its customers

Domain name holders hit with personalized, malware-laden suspension notices (Help Net Security) A clever new email spam campaign has been spotted targeting domain name holders, trying to trick them into downloading malware on their systems

Yahoo's "crypto witch" exploits web security feature, learns your site history (Naked Security) Timing attacks are an interesting part of computer security

Operational confusion led to more than 400 critical– to high–risk vulnerabilities persisting on systems at BIS (FierceGovernmentIT) A report from the Commerce Department OIG said one flaw persisted from a previous audit in 2009

The top threat vector for mobile devices? P[0]rn (Help Net Security) As mobile devices become more deeply woven into the fabric of our personal and work lives, cyber criminals are taking increasingly vicious and disturbingly personal shots at us, according to Blue Coat Systems

CyberX Reveals a New Zero-Day Vulnerability that Can Shut Down Operational Networks (Dark Reading) The vulnerability, FrostyURL, was discovered in a Rockwell Automation PLC and was validated by the ICS-CERT

Dridex Returns to Haunt Financial Institutions (Credit Union Times) Less than a month after being dismantled, the notorious Dridex malware, which has been responsible for $30 million in bank fraud losses in the United Kingdom and more than $10 million in losses in the U.S., re-emerged

Cryptowall ransomware revenue may flow to one group (CSO) The latest version alone may have generated $325 million in revenue for the attackers

CryptoWall ransomware undressed in new report (SC Magazine) An infamous piece of ransomware, CryptoWall, has been cracked, according to industry sources

Mozilla SeaMonkey Multiple Vulnerabilities (Secunia) A weakness and some vulnerabilities have been reported in Mozilla SeaMonkey, where one has an unknown impact and the others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose certain information, and compromise a user's system

Sniffly Websites Could Snaffle Browsing Data (Team Cymru) A proof of concept for an interesting new intelligence gathering technique has surfaced recently. Researcher Yan Zhu presented the procedure (some language may offend), known as Sniffly*, at ToorCon 2015

Starbug Hacker Demonstrates How To Crack Iris-Recognition Scanner (HackRead) Last year, German hacking collective, Chaos Computer club, announced that they can reproduce a real fingerprint based on a simple photograph of the person's finger

Scammers switch from Ashley Madison extortion to death threats (CSO) DD4BC promises death unless they're paid $3,000 USD

Google threatens action against Symantec-issued certificates following botched investigation (IDG via CSO) Symantec's investigation into a case of internal testing gone wrong failed to find a large number of certificates issued without authorization

Google slams Symantec over 'questionable' digital certificates (Computing) Google has blasted security software giant Symantec over mis-issued digital certificates for its own web domain,, in September

Sony BMG Rootkit Scandal: 10 Years Later (Network World via CSO) Object lessons from infamous 2005 Sony BMG rootkit security/privacy incident are many — and Sony's still paying a price for its ham-handed DRM overreach today

Coconut Water Empire to Bust: A Data–Breach Case Study (Entrepreneur) It's a good time to be a small- or medium-sized business (SMB) in this country

Security Patches, Mitigations, and Software Updates

Xen Patches 7-Year-Old VM Escape Hypervisor Vulnerability (Threatpost) The Xen Project, which oversees the open source Xen hypervisor, yesterday patched a seven-year-old vulnerability that allows an attacker to escape a guest virtual machine and attack the host operating system

Cyber Trends

Nonprofits Face Costly Cyberthreats (BizTech) As the frequency and cost of data breaches increase, nonprofits need to assess their security controls and address vulnerabilities

Most are unaware of the seriousness of medical data theft (Help Net Security) Most remain unaware of their vulnerability to medical data theft, and the fact that it can be far more damaging than credit card or social security number compromise, according to Vormetric and Wakefield Research

The reputational damage of data breaches: don't hope for customer apathy (CSO) Do customers still care about data breaches these days? Has 'breach fatigue' turned outrage into apathy? Will a data breach really damage your brand and bring down your business?

14 Creepy Ways To Use Big Data (InformationWeek) The amount of data being collected about people, companies, and governments is unprecedented

China is the top target for DDoS reflection attacks (Help Net Security) China bore the brunt of DDoS reflection attacks last month, with 61 percent of the top attack destinations observed hitting Chinese-based systems, according to Nexusguard


Pentagon's top IT official: My money buys Silicon Valley's trust (Christian Science Monitor Passcode) "I spend $36.8 billion a year. That buys a lot of potential trust," said Terry Halvorsen, chief information officer for the Department of Defense

Law Firms Risk Replacement as Boards Focus on Cybersecurity Policies (Legaltech News) Despite the increase in awareness, only one-third of corporate directors have documented policies to protect their business's critical digital assets

Is anti-virus dead? ESET's latest ransomware and bank Trojan figures suggest otherwise (Techworld) Predictions of anti-virus software's demise have missed one important fact — Europe's security giant ESET is booming

Imperva +17.9% on results/guidance; PANW, CYBR, PFPT, CUDA also up (Seeking Alpha) Imperva (NYSE:IMPV) beat Q3 estimates and forecast Q4 revenue of $66M-$68M and EPS of $0.10-$0.16, above a consensus of $62.3M and -$0.06. Moreover, on the earnings call (transcript), the Web app firewall and database security software vendor set initial 2016 revenue growth guidance of "at least 25%," above a 24% consensus

NICE-Systems Ltd. (NICE — $57.24) Company Update: Humming Along Going into 2016; New Focused (FBRFlash) This morning, NICE reported strong 3Q15 (September) results, with headline results coming in ahead of the Street, with healthy metrics seen across the board, and a good outlook for December as a nice feather in the company's hat heading into 2016

Goodwin Procter Latest Am Law 100 Firm to Earn ISO Security Certification (Legaltech News) The firm, like a small number of others, was audited to ensure it complies with the global standard that demonstrates its security level on stored data

Products, Services, and Solutions

Ardaco Releases Enhanced Version of their Mobile Secure Comms Platform — Silentel (Ardaco) Today Ardaco, the creators and operator of Silentel, released a new, enhanced version of their 'military grade' encrypted mobile communications platform

Combat Cybersecurity Risks and Threats with Comptia Cybersecure™ (CompTIA) New online training course from leading IT industry association bolsters the first-line of defense: employees

Oracle hard-wires encryption, SQL acceleration into Sparc M7 processor (FierceCIO) Oracle this week shared more about its new Sparc M7 processor that it said will deliver significantly better database performance and security compared to generic x86 servers

Elcomsoft Phone Breaker 5.0 Adds Over-the-Air Acquisition of iOS 9 Devices (PRNewswire) ElcomSoft updates Elcomsoft Phone Breaker, adding support for over-the-air acquisition of Apple devices running iOS 9. Version 5.0 can download iCloud backups and iCloud Drive files saved by devices running the latest version of Apple's mobile OS, and becomes industry's first cloud acquisition tool for iOS 9

Forget Self-Destructing Messages, Buzz’s New App Offers Self-Destructing Connections (TechCrunch) Today, there are a variety of apps to choose from if you just want to privately chat with friends or even place phone calls without having to give out your real phone number

Tor Project Releases Tor Messenger, Anonymous Instant Messaging Client (Softpedia) The Tor Project has just announced the first public availability for Tor Messenger, a desktop IM client that works on top of the Tor network

Top 20 Android Security Apps (eSecurity Planet) As Android devices continue to surge in popularity, the recently disclosed Stagefright vulnerability, affecting 950 million devices, served as a strong reminder of how crucial it is to keep a close eye on security, particularly if your Android phone or tablet holds sensitive information

Geneva Internet Plaform (DiploFoundation) The Geneva Internet Platform (GIP), an initiative of the Swiss authorities operated by Diplo Foundation, in partnership with the Internet Society is launching the GIP Digital Watch, an online observatory of digital policies

Technologies, Techniques, and Standards

NFA Adopts Interpretive Notice Regarding Information Systems Security Programs — Cybersecurity (National Futures Association) The Commodity Futures Trading Commission (CFTC) recently approved NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs, which requires Member firms to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems (Cybersecurity Interpretive Notice)

Draft NIST guide helps banks with IT audit (FedScoop) The National Cybersecurity Center of Excellence is trying to help financial organizations modernize how they manage their massive IT footprints

.onion officially registered as special-use domain name by the IETF (Help Net Security) By publishing the RFC 7686 standard, the Internet Engineering Task Force (IETF) has formally recognized the .onion domain as a special-use domain name

Corporate Cyber Security — the Statistical Approach (Heimdal) When building your corporate cyber security strategy, the most difficult thing is to figure out where to start

Employee Attitudes Fuel Your Data Security Plan (Legaltech News) The most significant threat to data security is employees because they have too little working knowledge

Kaspersky Releases Free Decryption Keys for All CoinVault and Bitcryptor Ransomware Victims (Softpedia) Kaspersky Lab has published an additional 14,031 decryption keys that can be used to unlock personal files encrypted by the CoinVault and Bitcryptor ransomware

The FBI isn't wrong; sometimes you will have to pay the ransom (CSO) It might make you feel dirty, but paying could be the best bet in some situations

Design and Innovation

Writing Good Code Is a Lot Like Making Beautiful Music (Wired) Richard Plom is a coder and a musician

Research and Development

Alibaba, Chinese academy team up on quantum cryptography (Nikkei Asian Review) The Alibaba Group and the government-affiliated Chinese Academy of Sciences will work together on research and development of practical applications of quantum cryptography for secure data transmission

ViaSat to develop embedded crypto for military handhelds with sensitive and secret data (Military Aerospace) U.S. Air Force information security experts needed advanced embedded cryptography capability for small, lightweight military handheld devices that need crypto to handle sensitive and classified data

Legislation, Policy, and Regulation

Influencers: China's arrests of hackers don't prove commitment to stop economic espionage (Christian Science Monitor Passcode) A majority of Passcode's Influencers say news that China arrested hackers accused of stealing trade secrets from American firms doesn't prove Beijing is serious about upholding its commitment to curtail economic espionage

Special Report: Privacy and the EU (Legaltech News) The year 2015 was an active year in the evolution of EU privacy law, and could set the stage for further issues down the line

New European rules to help tackle cyber and other crime (ComputerWeekly) The EU parliament has approved an update of European police college rules to help Cepol keep pace with security threats such as cyber crime

UK surveillance bill to give police access to web history (ComputerWeekly) Proposed UK surveillance legislation is expected to allow the police to seize details of websites and access specific web addresses visited by anyone under investigation

New Freedom of Information Act Request Documents Released by ODNI (IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available to the public, as reflected in the recently released Third National Action Plan for Open Government

How CISA encourages both cybersecurity information sharing and warrantless surveillance (Network World) By facilitating a stronger cybersecurity defense, CISA could also give the NSA powerful metadata surveillance capabilities

Adm. Rogers: Government Needs Private Industry to Join Cyber Fight (SIGNAL) Securing the cyberspace will get worse before it gets any better, warned Adm. Michael Rogers, USN, director of the National Security Agency (NSA) and commander of U.S. Cyber Command

Rogers: We don't need cyber privateers (C4ISR & Networks) Tapping the private sector to help with offensive and defensive measures isn't new for America's military but we have to be very careful when it comes to the cyber domain, warned Adm. Mike Rogers, director of the National Security Agency and commander of U.S. Cyber Command

Pentagon must get better on cyber warfare, says official (The Hill) The Pentagon does not yet move fast enough to deal with the speed at which cyber warfare moves, the department's chief information officer said Thursday

Culture, not technology, DoD's latest big cyber push (C4ISR & Networks) Cyber strategies, cyber implementation plans, cyber mission forces — whether it's plans, policies or people, the Defense Department is all over the cyber domain

The Military's SAT Could Soon Test for Cybersecurity Smarts (Nextgov) Like prospective undergraduates, aspiring troops take a standardized entrance examination that gauges verbal and math skills, among other cognitive abilities

OMB expected to 'substantially change' identity management performance metrics (FierceGovernmentIT) Identity, credential and access management is getting more senior-level attention across the federal government due in large part to a "cybersecurity sprint" the Office of Management and Budget launched in response to recent breaches

Hacked Opinions: The legalities of hacking — Adnan Amjad (CSO) Deloitte's Adnan Amjad talks about hacking regulation and legislation

Hacked Opinions: The legalities of hacking — Mike Patterson (CSO) Rook Security's Mike Patterson talks about hacking regulation and legislation

Litigation, Investigation, and Law Enforcement

European Parliament votes to shield Snowden from extradition to US (Ars Technica) Snowden: "An open hand extended by friends… a chance to move forward"

U.S. court will not halt NSA phone spy program before ban (Reuters) A U.S. appeals court on Thursday refused to immediately halt the government's bulk collection of millions of Americans' phone records during a "transition" period to a new federal scheme that bans the controversial anti-terrorism surveillance

Using DroidJack to spy on an Android? Expect a visit from the police (We Live Security) Law enforcement agencies across Europe have searched homes this week, as part of an international crackdown against users of a notorious piece of Android malware known as DroidJack

Morrisons' staff data breach lawsuit underlines insider threat (ComputerWeekly) Thousands of Morrisons' employees are to sue the supermarket giant in what is believed to be the UK's biggest ever claim in relation to a breach of data security

Dropbox Safe to Use after Safe Harbor ruling (Cloudwards) It has been three weeks since the European Court of Justice struck down an international agreement used by thousands of companies to move digital information

US DOJ admits that Stingrays can be used to intercept call and SMS content (Help Net Security) After a battling the US Department of Justice in a court for two and a half years, the American Civil Liberties Union of Northern California has emerged victorious and has been given access to documents that spell out the details about the US federal government's use of Stingrays surveillance devices

Illinois, New Jersey men admit to trying to support Islamic State (Reuters) U.S. authorities on Thursday secured guilty pleas from two men in New Jersey and Chicago for trying to provide support to the Islamic State in a pair of cases following investigations nationally into potential supporters of the militant group

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

Upcoming Events

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...

After the Shift: Securing Tomorrow's Payment Technology (Washington, DC, USA, November 5, 2015) From encryption to tokenization, what does the future hold for keeping consumer data safe? Policymakers, industry leaders, and technology experts will explore the cutting edge of cyber technology and discuss...

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...

Start with Security (Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...

University of Phoenix® Technology Conference (Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

cybergamut Technical Tuesday: Hackproof Signal Processing for Wireless Communications ("Central Maryland, " USA, November 17, 2015) Conventional computing and communications expose myriad attack surfaces because of the Turing-equivalence of the instruction set architectures and the mathematical impossibility of forming a complete set...

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.