Daily briefing.

A scholar argues that ISIS information operations succeed because the brutality of the group's "apocalyptic vision" is well adapted to transmission through social media.

Apple and others, including Amazon and Baidu, continue efforts to exorcise XcodeGhost from app stores, but the infestation is proving unpleasantly durable.

Google deals with Trojanized games (including versions of "Plants versus Zombies" and "Candy Crush") in Google Play. Other Android exploits (SMS Trojans) show a new predilection for assaults on financial accounts.

Heimdal warns that Cryptolocker 2 ransomware vectors are spoofing communications from Denmark's post office.

British Columbia's Education Ministry loses an unencrypted hard drive containing personal information on "millions" of the province's citizens.

Mozilla issues a Firefox patch.

Details emerge on Volkswagen's clean diesel software scandal, with observers drawing lessons for ICS security.

Market researchers find that customers in fact leave businesses' websites if they perceive security problems. In other industry news, venture capital continues to flow into security start-ups. Damballa looks at Zerodium's Halloween bounty of $1 million for iOS exploits (and says in effect "we told you so").

Cyber information sharing remains a centerpiece of emerging standards of care (and CSOs say they're not waiting for government to lead), but breach response is fast gaining, as are "holistic" approaches to security.

As the US and China prepare for their summit, China's President Xi sweet talks the US tech industry during a stopover in Seattle, emphasizing cyber cooperation. China denies cyber industrial espionage, but observers see subjunctive and bureaucratic misdirection in the denials.


Today's issue includes events affecting Canada, China, Denmark, India, Indonesia, Italy, Malaysia, Singapore, South Africa, Thailand, United Kingdom, United States.

The US National Cyber Security Hall of Fame has announced its class of 2015. Congratulations to those honored: Cynthia E. Irvine (NPS), Jerome H. Saltzer (MIT), Ron Ross (NIST), Steven B. Lipner (Microsoft), and Susan Landau (WPI).

Cyber Attacks, Threats, and Vulnerabilities

ISIS Brutality Rooted in an Apocalyptic Vision (USNI News) The extreme radical beliefs and brutal actions that caused al Qaeda in Iraq to fail earlier remain the heart of the success of today's Islamic State in Iraq and Syria (ISIS or ISIL), all because the political context of a decade ago and today have changed, a leading scholar on Islamic terrorism said Monday

Number of XcodeGhost-infected iOS apps rises (Help Net Security) As the list of apps infected with the XcodeGhost malware keeps expanding

More genuine iPhone apps may still be infected with malware following massive App Store hack (BGR) Cunning hackers from China managed to sneak malware into what's generally thought of as an impenetrable target, Apple's App Store

Reactions to the XcodeGhost malware infecting iOS apps (Help Net Security) Unknown malware pushers have managed to trick Apple into offering for download from the company's official App Store a considerable number of malicious apps

Android trojan drops in, despite Google's Bouncer (We Live Security) We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resourcea and that's certainly a bit fishy

Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play (Dark Reading) ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush

Cyber crims up the ante with Google Play brainteaser malware (Register) Intelligence-testing app attack shows it isn't just dumb people who get caught

Android SMS Trojans evolve, go after bank and payment system accounts (Help Net Security) Once upon a time cyber crooks used SMS Trojans to earn themselves money by subscribing users to unwanted premium mobile services

SAP Afaria vulnerability: One SMS to wipe and lock 130m+ mobile devices of enterprises (ERPScan) Dmitry Chastuchin, director of research at ERPScan, presented details of critical vulnerabilities in SAP Afaria (Mobile Device Management solution) at the HackerHalted security conference in Atlanta

Danish Post Office Now Delivers Ransomware, Sort Of (Softpedia) Heimdal Security is reporting on a new email campaign that poses as the Danish post office, luring users into accessing a website where they're infected with the Cryptolocker 2 ransomware

Data breach puts millions in B.C. at risk, say security experts (Vancouver Sun) Education Ministry improperly stored student data on a hard drive, failed to encrypt it, then lost it

The Darknet is Thriving & Diversifying with Cybercrime-as-a-Service (Damballa: the Day Before Zero) Just like legitimate web commerce, the dark side of the web has become a place where you can find nearly anything, no matter how much of a niche

Security Patches, Mitigations, and Software Updates

Mozilla Releases Security Updates for Firefox (US-CERT) The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

Starbucks stays schtum, after patching critical website vulnerabilities (Graham Cluley) Starbucks has patched three critical vulnerabilities on its website, but it still hasn't responded to the security researcher who first found the bugs

Cyber Trends

National Cyber Security Hall of Fame Announces 2015 Inductees (National Cyber Security Hall of Fame) The National Cyber Security Hall of Fame has released the names of five innovators who will be inducted into the Hall of Fame at its award ceremony on Thursday, October 29, at the Four Seasons Hotel in Baltimore, Maryland

Insurance and education should be weapons in fight against cyber-crime (Banking Technology) The majority of businesses do not have cyber security insurance, with many not even aware such protection exists — and even those that do have insurance in place may find themselves at a loss if they don't have the correct cover

Still no correlation of cyber vulnerabilities to ICS reliability and safety impacts — VW testing is an example (Control Global: Unfettered Blog) Many people wonder why there is still such a gulf between the IT and ICS communities about ICS cyber security

How Engineers at West Virginia University Caught VW Cheating (IEEE Spectrum) Volkswagen, which had just become the biggest-selling auto maker in the world, has been nabbed committing perhaps the biggest corporate cybercrime of all time

Top 3 Reasons for the Increase in Data Breaches (Information Security Buzz) The past few years have seen a steady increase in major hacking incidents, with high-profile breaches at corporations like Target, Sony Pictures and Home Depot as well as the US government making headlines worldwide

Follow the Data: Dissecting Data Breaches and Debunking the Myths (TrendLabs Security Intelligence Blog) Data breaches are daily news items. Reports of data breaches affecting governments, hospitals, universities, financial institutions, retailers, and recently an extra-marital affairs site, dominate the news with increasing frequency

3 out of 4 Consumers Will Leave your Websites Because of Security Concerns (Infosec Island) As part of the ongoing battle for eyeballs, marketing departments implement tracking technologies that encroach on customer privacy, while digital assets are cobbled together from third-party technology to accelerate time-to-market

Cybersecurity Rating Firm Finds Energy and Utilities Industry Performance Concerning (Power) Researchers looking at "quantifiable differences in security performance" across industries from August 1, 2014, to August 1, 2015, found "challenging performance trends" in the critical energy and utilities sector

KPMG: Detection Tools, Readiness Among Cyber Vulnerabilities for Healthcare Firms (ExecutiveBiz) KPMG has found that 81 percent of healthcare organizations that were part of its recent cybersecurity survey have been compromised by at least one cyber attack in the past two years

BYOD Security Policies May Be Too Invasive for Providers (mHealth Intelligence) BYOD programs have brought to users many benefits, including easier access to patient information and increased mobility throughout a healthcare facility

The UK IS better than Europe, FACT! (at implementing cybersecurity measures) (Register) Code that, Delors!

India ranks first among Asian nations in taking proactive steps to secure devices, ESET study reveals (News Patrolling) Over 38 percent of users across Asia engage in risky behavior online, despite knowing the danger. India ranked most proactive nation in Asia in terms of taking steps to secure devices from cyber attacks. Malaysia takes the lead as the most cyber-savvy nation in the region, Indonesia ranked last


Palo Alto Networks Continues To Impress (Seeking Alpha) Palo Alto Networks recorded yet another stellar quarter, beating growth expectations on many fronts

CloudFlare raises $110M as Microsoft, Google, Qualcomm embrace cyber security startup (GeekWire) CloudFlare brought on some impressive strategic investors today, announcing a $110 million funding round that included participation from tech giants like Microsoft, Google, Qualcomm and Baidu, the Chinese search engine giant

Farmer family leads $10M investment in Cincinnati cybersecurity company (Cincinnati Business Courier) The family of Cintas Corp. founder Richard Farmer led a $10 million investment in a Cincinnati-area cybersecurity startup

Can Lockheed spur interest in DHS's cyber services program? (Federal Times) The Department of Homeland Security added contracting giant Lockheed Martin to its list of commercial providers authorized to sell services using cyber threat information

CACI Receives $102M SEC Litigation, Computer Forensics Contract (GovConWire) CACI International (NYSE: CACI) has received a five-year, $102 million contract to perform litigation support and computer forensics services for the Securities and Exchange Commission

Splunk leverages its Caspida acquisition with new security offerings (NetworkWorld) It's always interesting to check back in after a corporate acquisition

Former AVG investors build cyber security fund to chase growth (Reuters) A group of former executives and investors from antivirus software maker AVG Technologies (AVG.N) is raising a $125 million fund to tap into opportunities in the booming cyber security sector, a founding partner in the fund said

$1M Offered for iOS 9 Exploit: Damballa's prediction comes true (Damballa: the Day Before Zero) A few days ago, a mainstream media channel asked the Damballa Threat Discovery Center our opinion about the newest and biggest cyber threats facing US business and law enforcement. We responded that the business of Zero Day exploits is on the rise

Deborah Golden Named Deloitte Federal Cyber Risk Services Lead (GovConWire) Deborah Golden, formerly principal at Deloitte, has been appointed as lead of the company's federal cyber risk services

CrowdStrike Expands Executive Team to Support Explosive Market Demand and Expand Global Presence (MarketWatch) Company appoints Burt Podbere as Chief Financial Officer and Liza Cuevas as Vice President of People

Fortinet Nabs Marketing Exec Holly Rollo From FireEye For Its CMO Spot (CRN) Fortinet has hired away marketing executive Holly Rollo from FireEye, adding Rollo as its new chief marketing officer

Products, Services, and Solutions

Webroot and Lynx Partner to Protect Connected IoT Devices from Targeted Attacks (Webroot) BrightCloud® Threat Intelligence and LynxSecure virtualization platform integration delivers advanced threat detection and protection in real time

KoolSpan Launches Free Trustcall Service Promotion for Samsung Galaxy Users (KoolSpan) 30 day free trial of TrustCall Encrypted Wireless Calling and Messaging now available to Samsung Mobile customers

Tenable Network Security Wins Frost & Sullivan 2015 Technology Innovation Award for SecurityCenter Continuous View (BusinessWire) Tenable's continuous network monitoring recognized for excellence in technology innovation by leading global analyst firm

HackerOne launches free Vulnerability Coordination Maturity Model tool (CSO) HackerOne is in the business of vulnerability disclosure and bug bounty programs — helping customers to implement solid strategies for communicating and resolving vulnerabilities effectively

Prelert V4 Goes Beyond Anomaly Detection with Behavioral Analytics that Tell the Stories Hidden in IT Security and Operations Data (BusinessWire) Prelert, the leading provider of behavioral analytics for IT security and operations teams, today announced V4 of its Anomaly Detective application

Neovera Announces Enhanced Cyber Security Monitoring Services (BusinessWire) Reston, VA based MSP, Neovera, adds continuous, comprehensive monitoring services to Cyber Security portfolio

Digital Shadows Finds Security Intelligence in the Shadows (eWeek) Security intelligence is a hot buzzword in the modern IT marketplace, but it's a term that means different things, depending on the vendor and the context

Fortinet joins forces with Splunk (ARN) Alliance to deliver security intelligence, visibility and protection

ThreatStream Announces Threat Intelligence Splunk App and Expands Breadth and Depth of Integrations (MarketWatch) ThreatStream®, the pioneer of an enterprise-class threat intelligence platform, today announced the ThreatStream Splunk App as well as new integrations with leading security solutions

Technologies, Techniques, and Standards

Security experts: Cyber sharing isn't enough (Computerworld) It's a helpful tool, but more holistic methods could do more to fend off attacks

Smart devices to get security tune-up (BBC News) Hi-tech firms are banding together to make sure "internet of things" smart devices are safe to use

Breach Response: The New Security Mandate (InfoRiskToday) RSA's Shahani on why quick anomaly detection is key

Overcoming Mobile Insecurity (InfoRiskToday) Gartner's Girard on how to tackle common mobility challenges

The Common Core Of Application Security (Dark Reading) Why you will never succeed by teaching to the test

Why It's Insane To Trust Static Analysis (Dark Reading) If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts

TLS Everywhere: Upgrade Insecure Requests Header (Internet Storm Center) TLS (I still have to get used to saying TLS instead of SSL) everywhere is a goal many sites attempt to achieve

Design and Innovation

From Hacker to IoT Security Hero? Red Balloon Floats New Solution (Enterprise Tech) The same person who once hacked HP printers and other telecommunications products to demonstrate the vulnerability of embedded devices has now developed a platform-independent real-time host-based intrusion defense system designed to secure all embedded products, regardless of vendor or operating system

Art Meets Cryptography And Bitcoin's Blockchain (Brave New Coin) Cryptography dates back to the beginning of written language, and is derived from the Greek words kryptós, which means "hidden" or "secret"; and graphein, "writing"

Research and Development

Bank of America files patent for cryptocurrency wire transfer system (FierceFinanceIT) Bank of America has filed a patent for a cryptocurrency wire transfer system

US Navy develops new system to defend against internet attacks (Graham Cluley) In the wake of the widely-reported hacking that has taken place on just about everything that moves, the United States Navy has announced that it is developing a system to protect its fleet from internet attacks


Webroot Survey: 1 in 4 Moms Report Their College Student Lacks a PC Security Solution (Webroot) Webroot, the market leader in intelligent cybersecurity for endpoints and collective threat intelligence, today announced the results of its survey on moms' perceptions about their college student's online safety

Legislation, Policy, and Regulation

Chinese president emphasizes cybersecurity during Seattle visit (Los Angeles Times) In a policy address peppered with Hollywood allusions and assurances of China's economic health, President Xi Jinping pledged Tuesday that his country would protect the rights of foreign investors and vowed that the nation would "never close its open door to the world"

Xi: 'China is ready' for cyber crime dialogue (The Hill) Chinese President Xi Jinping is prepared to start a "high-level" cybersecurity dialogue with the United States

On U.S. visit, China's president seeks to reassure on trade, security (Reuters) Chinese President Xi Jinping, facing a skeptical audience on the first day of a week-long U.S. visit, sought to reassure business and government officials on Tuesday over a long list of irritants, from economic reform to cyber attacks, human rights and commercial theft

White House: No Cyber Attack Pact with China, For Now (Defense One) The Chinese president's visit to Washington will highlight how far apart the two nations are on cyber issues

National Security Advisor Susan E. Rice's As Prepared Remarks on the U.S.-China Relationship at George Washington University (The White House) Good morning everyone. Thank you, President Knapp, for that kind introduction, and thank you to everyone at GW for hosting me

Conflict Flavors Obama's Meeting With Chinese Leader (New York Times) For the past two years, the critical question confronting the Obama administration about Xi Jinping, the Chinese president who defied American predictions by challenging the United States' superpower status early and directly, has been how forcefully to respond

US, China appear close on cyber economic espionage deal (IDG via CSO) With China's president due in Washington, both countries have expressed a desire to stop cyber espionage for economic gain

For China and the U.S., Cyber Governance Is Better Than Cyberwar (Huffington Post) Before setting foot in Washington and New York, Chinese President Xi Jinping, on his first state visit to the United States, is holding court in Seattle

Does China's government hack US companies to steal secrets? (BBC) On Monday this week, a US national security adviser warned China that the hacking must stop and said it put an "enormous strain" on the relationship between the two nations

Federal CISOs Propose New Efforts to Shore Up Cybersecurity (Threatpost) Nearly six months removed from the OPM hack and with many government departments still reeling when it comes to security, several federal chief information security officers volunteered a handful of new ideas at last week's Billington Cybersecurity Summit in Washington, D.C., to combat future hacks and improve overall security in the private sector

Cyber chiefs talk security after OPM hack (Federal Times) In the wake of the OPM hack, the federal government is rethinking cybersecurity and how to apply it to digital operations

CSOs aren't waiting for cyber sharing legislation (CSO) Security executives say the sharing of threat information is useful — and they're already doing it. Legislating it, some say, could get in the way

NGA heightens cyber security by mapping mountain of data (Belleville News-Democrat) The world is a complicated place

The Pentagon's Next Unclassified Email System May Live in the Cloud (Defense One) The Defense Department's IT agency is asking industry about setting up a new email system for its 1.6 million users

The Internet of Things, smart cities and what both mean to DHS (Federal Times) Last week both the FBI and the Department of Homeland Security warned of risks associated with the emerging Internet of Things

UK companies urged to tighten cyber defence (Financial Times) Businesses have been urged to protect themselves from a growing cyber threat by the government in a drive to tighten internet security in the UK

Concern raised over Cybercrime and Cybersecurity Bill in SA (IT News Africa) The draft Cybercrimes and Cybersecurity Bill currently out for public comment is timeous in that it proposes legislation that will bring South Africa in line with international laws governing internet-based crimes

Litigation, Investigation, and Law Enforcement

U.S. SEC fines advisory firm for shoddy controls after cyber attack traced to China (Reuters) A St. Louis-based investment advisory firm will pay $75,000 to settle civil charges alleging it failed "entirely" to protect its clients from a July 2013 cyber attack that was later traced to China, U.S. regulators said on Tuesday

The British Library Did Not Need to Self-Censor (Just Security) I enjoyed reading Shaheed Fatima's excellent post from last week about the British Library's decision not to accept the digital archive of materials collected by the Taliban Sources Project

Unprecedented Hacking and Trading Scheme Highlights Key Cybersecurity Lessons (JD Supra) On Aug. 11, 2015, federal prosecutors in the District of New Jersey and the Eastern District of New York unsealed indictments against nine individuals in the U.S. and Ukraine who were allegedly involved in a five-year, widespread hacking and trading scheme

Florida Cops Couldn't 'Survive' Without Hacking Team's Spy Tools (Motherboard) One of the largest sheriff's departments in the country gushed over Hacking Team, released emails show

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates...
