
Daily briefing.

For unclear (but probably nefarious) reasons, sockpuppets posing as recruiters on LinkedIn appear to be mapping infosec professionals' networks. Fox-IT raised the warning; F-Secure offers some analysis.

Malvertising on the British branch of Match.com is serving ransomware to the unwary.

An Android ransomware strain is now communicating over XMPP.

Bitdefender finds a cross-site-scripting vulnerability in PayPal.

ATM skimming hardware has become smaller, thinner, and harder to spot.

The trend among criminals to exploit compromised credentials and "live off the land" in enterprise networks accelerates.

Cisco patches a file overwrite issue in UCS Director and IMC Supervisor.

Richard Bejtlich reflects on Black Hat and discerns a new cyber security maxim: "If you can't protect it, don't collect it."

A Ponemon study looks at insider cyber risk and concludes that multitasking, long hours, and fatigue cause unintentional employee "negligence." (It seems, however, unfair to characterize a mistake made when worked to exhaustion as "negligence.")

Wassenaar, much execrated by the security industry, inflicts collateral damage even before delayed but long-feared US implementation takes effect: HP pulls its sponsorship from Pwn2Own for fear of crossing arms controllers. (Wassenaar's unpopular in India, too. Some think Canada got implementation about right.)

Security start-ups notice a new trend among venture capitalists: the VCs are asking about profits.

Among security start-ups themselves deception (of attackers, not VCs) is also trending.

The US prepares anti-hacking sanctions against Chinese companies, hoping attendant rancor dies down before the Obama-Xi summit.

Edward Snowden says Hillary Clinton's homebrew server damaged US national security.

Notes.

Today's issue includes events affecting Australia, Canada, Cayman Islands, China, France, Germany, Iran, Israel, Russia, United Kingdom, United States.

The CyberWire staff will be taking Labor Day off. We'll be on hiatus Monday, but normal publication will resume Tuesday, September 8. And next Thursday we'll be covering the second annual Senior Executive Cyber Security Conference at the Johns Hopkins University in Baltimore.

Cyber Attacks, Threats, and Vulnerabilities

Fake recruiters on LinkedIn are targeting infosec pros (Help Net Security) "There's a group of fake recruiters on LinkedIn mapping infosec people's networks. Not sure what their goal is yet, just a heads-up to others," Yonathan Klijnsma, a threat intelligence analyst working at Dutch infosec firm Fox-IT, warned via his Twitter account

LinkedIn Sockpuppets Are Targeting Security Researchers (F-Secure Labsblog) Multiple LinkedIn accounts recently targeted numerous security specialists in an attempt to map their social graphs. Several of our researchers received these LinkedIn invitations themselves and Daavid from our Threat Intelligence team decided to investigate

Cyber attack against Match.com exposes millions of singles to malware (City A.M.) UK's online daters could be the victims of cyber crime, after researchers discovered a malware attack aimed at Match.com's millions of users

Ads on Match.com can let hackers hold computers for ransom: report (Washington Times) Members of Match.com in search of companionship were warned by security experts Thursday to expect something else as the British version of the popular online dating service is serving viruses to visitors through Web ads embedded with malware

Persistent cyber spies try to impersonate security researchers (Help Net Security) Rocket Kitten, a cyber espionage group that mostly targets individuals in the Middle East, has been spotted attempting to impersonate security researchers

New Android Ransomware Communicates Over XMPP (Threatpost) A new strain of Android ransomware disguised as a video player app uses a means of communication unseen in other similar malware

PayPal stored XSS vulnerability exposed (Help Net Security) Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of performing attacks on registered users of the service

More ATM "Insert Skimmer" Innovations (KrebsOnSecurity) Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with

Ashley Madison still a top lure for scammers and crooks (CSO) The Ashley Madison breach is an early Christmas for spammers and scammers

Cayman Islands — Phishing in the Caribbean? (Check & Secure) Banking in the Cayman Islands is curious to say the least… It comes as little surprise then to hear that the cyber criminals are chancing their arm, if recent phishing emails are to be believed

Stealing Data By 'Living Off The Land' (Dark Reading) Hackers' latest tactic involves a malware-free attack using a company's own system credentials and admin tools to gain access

Australia emerges as source for DDoS attacks (IT News) NBN connections abused for service disruption attacks

Hacker Puts Crude Poem on Hacked Electronic Signpost in France (Hack Read) If you see a crude poem on an electronic signpost, it is not the handiwork of the municipal authorities; rather, it is the work of an annoyed, attention-seeking hacker

Security Patches, Mitigations, and Software Updates

Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability (Cisco) Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition

Google's Latest Chrome Update Emphasizes Speed And Lower Memory Usage (TechCrunch) Chrome started out as one of the least memory hungry browsers on the market, but over time, it developed a bit more of an appetite for RAM. Now, however, Google is starting to get back to basics and the latest Chrome release (version 45) focuses on making the browser faster and more efficient

Cyber Trends

New cybersecurity mantra: "If you can't protect it, don't collect it" (Brookings) In early August I attended my 11th Black Hat USA conference in sunny Las Vegas, Nevada. Black Hat is the somewhat more corporate sibling of the annual DEF CON hacker convention, which follows Black Hat. Since my first visit to both conferences in 2002, I've kept tabs on the themes expressed by computer security practitioners. This year I heard a new refrain: "If you can't protect it, don't collect it"

Is juggler your weakest link? (Banking Exchange) Multitasking, long hours result in insider slips

Hacking Victims Deserve Empathy, Not Ridicule (New York Times) Every day for nearly two weeks, Troy Hunt, an Australian Internet security expert, has opened up his computer to find a plea for help from someone on the edge

Latest security flaw to destroy all business? 'Sanity check' your cybercrime statistics (ZDNet) The difficulty telling fact from fiction in cybercrime news has been getting worse over the past few years. For decision makers, this means a "sanity check" on reported stats should be in your everyday toolkit

Children's apps and websites raise privacy concerns (Naked Security) Earlier this year the UK Information Commissioner's Office (ICO), along with 28 other data protection regulators from around the world, announced an investigation into how websites and apps — squarely aimed at children — were collecting and sharing personal information

The Kids Aren't Alright: Cyber Security and the 'Digital Natives' (Team Cymru) There seem to be two pervading extremes of opinion regarding youngsters growing up with technology. The first is that today's (and tomorrow's) children will consume code with their cornflakes, becoming an army of top-flight computer whizzes apparently by osmosis

Thailand at high risk for cyberattack (Bangkok Post) Thailand ranks ninth worldwide for web-based security threats, making it one of the most targeted countries by hackers, says Kaspersky Lab, a Moscow-based supplier of security software

Marketplace

Pwn2Own loses HP as its sponsor amid new cyberweapon restrictions (Ars Technica) Concerns about violating international arms treaty behind pull-out

The Wassenaar effect (Hindu Business Line) In December 2013, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies extended its reach to the cyber world

Retail IoT Technology Spend to Hit $2.5 Billion by 2020 (VAR Guy) By 2020, retailers will spend some $2.5 billion on Internet of Things (IoT)-related technologies such as Bluetooth-equipped beacons and radio frequency ID tags (RFID), about four times more than the $670 million expected to be spent this year

Scrutiny of Security Start-Ups May Signal Shift in Venture Funding (New York Times) A funny thing happened to Orion Hindawi while he was raising $120 million for his cybersecurity start-up last month: Investors asked him about profits

UK cloud security company CensorNet raises £2m in funding (Computer Business Review) Talis Capital led Series A funding round, with Vasile Foca appointed to CensorNet board

FireEye's Third Quarter Earnings Review (Seeking Alpha) Leading position and expanded product capabilities in the specialized advanced threat-detection analysis segment of the security market continue to drive organic growth

WatchGuard Technologies Recognized as a Visionary in Gartner's Magic Quadrant for the Unified Threat Management (UTM) Market (KCEN) WatchGuard® Technologies, a leader in integrated security platforms, today announced that it has been named a "Visionary" in Gartner's Magic Quadrant for Unified Threat Management (UTM)

Is Joe Kaeser failing to keep his own promise? (Die Welt) Siemens chief Joe Kaeser promised to close the gap with archrival General Electric. Two years later, disillusionment reigns, because the company now has more problems than before

Trustwave 'hiring like mad,' including in Canada, after acquisition (ITWorld Canada) The finalization this week of the US$810 million purchase of security vendor Trustwave by Asian provider Singtel Telecommunications means the Chicago-based company is on an expansion binge here as well as around the world to grow its managed security services

5 Growing Cyber-Security Epicenters Around the World (Entrepreneur) The recent hack of Ashley Madison reminds us just how vulnerable society is to cyber attacks. Big companies such as Target, Home Depot, Michaels, P.F. Chang's and JP Morgan fell victim to data breaches in 2014, and the attacks have continued this year

Maryland's Most Admired CEOs: Karl Gumtow, CEO CyberPoint International, LLC (Daily Record) Karl Gumtow and his wife, Vicki, started CyberPoint International, LLC in their Baltimore condo in 2009. They had plans and, importantly, money set aside

RSA's Ex-CEO Coviello Back In The Game (Dark Reading) Art Coviello, former head of RSA Security, has returned to the security industry after retiring from RSA for health reasons

Products, Services, and Solutions

Advanced Threat Detection Buying Guide (eSecurity Planet) Advanced threat detection offers a more proactive approach to enterprise security than traditional perimeter defenses

Financial Institutions Need Cyber Insurance (Legaltech News) ABA Insurance Services has partnered with Baker Hostetler to provide legal services and insurance for banks

WhiteHat Is Guaranteeing Security (eWeek) WhiteHat Security founder Jeremiah Grossman discusses his company's security guarantee and explains why automated scanning alone is never enough

ESET Releases Next Generation of ESET® Mail Security for Microsoft Exchange Server (PRNewswire) ESET®, a global pioneer in IT security for more than two decades, today announced the release of a new generation of ESET Mail Security for Microsoft Exchange Server® with a completely redesigned user interface, enhanced anti-spam engine, and antivirus with optional cloud-powered scanning

MetaSensor Launches Sensor-1, Tiny and Powerful Security System with Machine-Learning Capabilities (IT Business Net) Available for pre-order; Company also introduces the Aletha Platform, connecting sensors and IoT wearables through an API

Reserve Bank of NZ deploys Wynyard software for risk management (ZDNet) Risk management software will support RBNZ's goal of ensuring financial system stability

Coalfire Expands Cyber Risk Advisory Services (BusinessWire) New offerings help Corporate Boards, Management and Operations Teams Identify, Protect, Detect, and Respond to Cyber Risk

Introducing PhishAlarm, Wombat's One-Click Email Reporting Button (Benzinga) On August 18, we publicly announced general availability of PhishAlarm™, a new Wombat Security behavior reinforcement tool

VMware Expands NSX Platform Security (Dark Reading) VMware is working to add network encryption as a distributed service via its network virtualization platform

G DATA joins association for the prevention of cybercrime (Online PC) The Bochum-based IT security vendor G DATA has joined the German Competence Centre against Cyber Crime e.V. (G4C), whose members include several banks

Technologies, Techniques, and Standards

Should you jailbreak an iPhone: Is jailbreaking good for an iPhone or iPad? Is jailbreaking safe? The pros and cons of iOS jailbreaking (MacWorld) After more than 225,000 jailbreakers see their data stolen by the KeyRaider breach, we examine again the pros and cons of iPhone jailbreaking. Is it safe to jailbreak an iPhone? How can you jailbreak an iPhone? We take a look at whether it's worth jailbreaking so you can install non-authorised iOS apps on your iPhone and generally customise the experience

Self-Hacking: Corporations Start Thinking Like Criminals (Security Intelligence) How do companies defend their assets against cybercriminals?

Design and Innovation

The Art Of Deception: New Class Of Security Startups Use Decoys To Disrupt A Hacker's Movement (CRN) As companies continue to get hammered by breaches, a clear gap in the effectiveness of many security portfolios becomes more evident with each attack. However, a new category of emerging security startups say they have the answer and are disrupting the threat detection space with what they call "deception" technology

DoD's top secret smartphone expected in the fall (C4ISR & Networks) Government agencies have made significant strides in incorporating smartphones and tablets into their offices and missions, even at the Defense Department. But the caveat always has been that those devices could only be used for non-classified purposes. That's changing

Research and Development

The Subatomic Race to Harness Quantum Science (Defense One) US, China are betting millions on the promise of this newish field, but the real-world potential remains a mystery

IBM Lands Mobile Tech Security R&D Contract From DHS S&T (ExecutiveBiz) IBM's Thomas J. Watson Research Center has received a $1.3 million contract from the Department of Homeland Security's Science and Technology Directorate for research and development work on mobile technology security

Hands Off! NIST Helps Bring Contactless Fingerprint Technology to Market (NIST) Quickly moving through security checkpoints by showing your hand to a scanner seems straight out of science fiction, but the National Institute of Standards and Technology (NIST) is working with industry to bring fast, touchless fingerprint readers out of the lab and into the marketplace

How A 1200-Year-Old Hacking Technique Can Already Crack Tomorrow's Encrypted Vaults (Forbes) In the ninth century, Baghdad was not the violent epicentre of a conflict between Western and Eastern ideologies it would become once Bush and Blair sent the troops to Iraq

Academia

Northrop Grumman Conducts Cyber-Focused Activities (GovConExecutive) Northrop Grumman held several activities in the summer that aimed to promote cybersecurity careers among high school and college students

Legislation, Policy, and Regulation

Beijing Tightened Internet Controls Before Glitzy Military Parade (Foreign Policy) Chinese censors have systematically knocked out tools to evade the Great Firewall

China's Great Cannon: The Great Firewall's More Aggressive Partner (Dark Reading) Crowdstrike researchers Adam Kozy and Johannes Gilger visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders. It already hit Github, but it's poised to do so much more

Cyberwarfare key component of China's military modernization, new wide-ranging CSIS report says (FierceGovernmentIT) Cyberwarfare is emerging as a key element of the Chinese military's modernization efforts and a major concern for the nation's most senior leaders, a new report from Center for Strategic and International Studies said

Chinese Strategy and Military Modernization: A Comparative Analysis (Center for Strategic and International Studies) China's emergence as a global economic superpower, and as a major regional military power in Asia and the Pacific, has had a major impact on its relations with the United States and its neighbors

US mulls over sanctions on China and Russia for cyber attacks (Deutsche Welle) The US is weighing sanctions on individuals and firms for cyber attacks, reports say. Speculation could indeed come in handy, as it gives the White House leverage ahead of a state visit by Chinese President Xi Jinping

US to hit China hackers before Xi's Washington visit (CNBC) The White House is preparing to slap sanctions as early as next week on Chinese companies connected to the cyber theft of US intellectual property

The US government is not spending enough on cybersecurity (Business Insider) In the past 12 months, the US government has not fared well against cyberattacks, and the budget may give an insight why

5 things the FTC should do to improve data security in the wake of Wyndham (FierceITSecurity) The Federal Trade Commission recently won an enormous court victory. In FTC v. Wyndham Worldwide Corp., the 3rd U.S. Circuit Court of Appeals rejected a challenge to the FTC's power to regulate data security

Halvorsen wants to change economics of cyberspace (FCW) Defense Department CIO Terry Halvorsen on Sept. 2 called for industry help in changing the economics of cyberspace so that it is more costly for hackers to inflict damage and cheaper for the Pentagon to defend itself

Here's What OPM is Offering to Protect Hack Victims from Blackmail (Nextgov) The government is planning to invest $330 million in financial fraud protections for Office of Personnel hack victims, even though the suspected computer intruders are not thought to be in the business of ID theft

U.S. Navy chief: Cyber missions could fuel orders for Boeing EA-18G Growlers (St. Louis Post-Dispatch) The Pentagon is evaluating whether potential cyber missions could drive demand for additional Boeing Co. EA-18G electronic attack jets, or Growlers, the top Navy officer told Reuters on Thursday

Technology & Consultants Won't Save CIA. Only Humans Can. (Overt Action) I understand that a website run by former members of the Intelligence Community who are looking to support informed debate about national security policies might not be the best place to quote James Bond

Litigation, Investigation, and Law Enforcement

The Microsoft Warrant Case: A Response to Orin Kerr (Just Security) With less than a week before the Second Circuit considers the dispute between Microsoft and the government over emails stored in Ireland (an issue I have blogged about here, here, and here), I thought it worth responding to Orin Kerr's novel suggestions as to how to understand the case

Court: FTC can take action on corporate data breaches (CSO) Security experts are split about whether the FTC's oversight will help improve enterprise security

Justice Department Announces Enhanced Policy for Use of Cell-Site Simulators (US Department of Justice) Increased privacy protections and higher legal standards to be required

State Department seeks to consolidate Hillary Clinton email cases in court (Washington Times) Administration says it's 'struggling' with 32 cases

Read Hillary Clinton's Emails Here and Make Your Own Call (War on the Rocks) The State Department has released a large cache of former Secretary of State Hillary Clinton's emails, sent to and from her private email server. They can be perused here and are fully searchable

Hillary Clinton, inner circle responsible for most classified emails (Washington Times) Nearly a third of the classified messages released so far from former Secretary of State Hillary Rodham Clinton's emails came from one man: Jake Sullivan, who served as her deputy chief of staff in the department, and is now the top foreign policy adviser to her presidential campaign

Clinton 'jeopardized national security' by using private email server — Snowden (Russia Today) National Security Agency whistleblower Edward Snowden said that Hillary Clinton's use of a private email server while serving as secretary of state jeopardized national security secrets. He said Clinton's claims to the contrary "is completely ridiculous"

3 ways to get busted on the Dark Web (Naked Security) The Dark Web is a small and secretive part of the regular web that's become a haven for drug markets, paedophiles and sex traffickers

8 of the most unsettling things you'll find on the darknet (ITWorld) Catch a glimpse of what flourishes in the shadows of the Internet

Fresno teen arrested after he allegedly posts Eminem lyrics on Instagram (Ars Technica) Guns, ammunition discovered under the teen's house, but lawyer says cops went too far

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

SIN ACM (the International Conference on Security of Information and Networks) (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks will feature contributions from all types of specialists in the cyber security field, from papers and special sessions to workshops...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

[New Date] Cyber 6.0 (Laurel, Maryland, USA, September 10, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...
