skip navigation

More signal. Less noise.

Daily briefing.

What's being called the biggest online leak in history surfaced over the weekend, as the Süddeutsche Zeitung reported on the eleven million documents (some 2.6 terabytes of data) a whistle-blower leaked from the Panama-based law firm Mossack Fonseca. The data are said to indicate money laundering and the massive transfer of funds to offshore private accounts by a number of world leaders and senior government officials. The transfers go back more than a decade. Süddeutsche Zeitung has said that Le Monde, the BBC, and the Guardian are also involved in the investigation. Prominently mentioned in dispatches: Russian President Vladimir Putin, said to have transferred more than a billion dollars.

Elsewhere, ransomware continues to bedevil North American healthcare providers. MedStar appears to have largely returned to normal operations, and to have done so without paying ransom. US and Canadian authorities issue a joint alert about ransomware as the FBI continues its investigation of the MedStar hack. Avira reports a newish twist on criminals' methods: "Rokku's" controllers offer a QR code to make it easier for victims to make mobile payments.

Government websites in Hungary sustained a brief cyber attack by unspecified foreign actors over the weekend.

Turkish hacktivists open cyber-rioting against Armenian targets, deciding to side with Azerbaijan in the long-running dispute over the province of Nagorno-Karabakh.

The Islamic State West Africa (ISWA), the terrorist group formerly styling itself Boko Haram, has pledged fealty to ISIS leader Abu Bakr al Baghdadi. The US Justice Department warns of a coming cyber jihad.


Today's issue includes events affecting Armenia, Azerbaijan, Brazil, British Virgin Islands, China, Colombia, Costa Rica, El Salvador, European Union, Germany, Guatemala, Honduras, Hungary, Iceland, India, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Mexico, Netherlands, New Zealand, Nicaragua, Pakistan, Panama, Russia, Saudi Arabia, Seychelles, Singapore, Switzerland, Syria, Turkey, Ukraine, United Kingdom, the United States, and Venezuela.

This week we'll be covering two cyber security conferences: the Billington CyberSecurity INTERNATIONAL Summit in Washington, DC, on Tuesday, and the CAMI Cyber Risk Management 360 in Baltimore, Maryland, on Thursday. Watch for our usual live-Tweets and extras.

Catch the CyberWire's Podcast this afternoon, in which we'll talk with Accenture's Malek Ben Salem on the challenges of securing the Internet-of-things (good background for tomorrow's interview with industrial control system experts at SCADAFence).

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) The IT Security Entrepreneurs Forum (ITSEF) offers a venue for entrepreneurs to meet leaders of government, business and the investment community for open collaboration on the challenges of cybersecurity.

Dateline Women in Cyber Security (WiCyS)

Value, Mentorship, and Opportunity: the View from WiCyS 2016 (The CyberWire) Three clear themes emerged from 2016's Women in Cyber Security Conference: recognition that cyber security is part of any business's value proposition, the importance of mentorship in career choice and development, and, finally, the reality that ability to recognize and pursue opportunity is far more important than detailed career planning

Calling All Women: The Cybersecurity Field Needs You And There's A Million Jobs Waiting (Forbes) Cybersecurity has a gender problem: Only 11% of the world’s information security workforce are women, according to the Women’s Society of Cyberjutsu (WSC) — a 501(c)3 non-profit passionate about helping and empowering women to succeed in the Cybersecurity field

Cyber Attacks, Threats, and Vulnerabilities

A cyber attack temporarily shut down the Hungarian government's website (Irish Examiner) The Hungarian government said its computer network has come under attack from outside the country, with access to several websites temporarily blocked

It’s Cyberwar, it’s Turkish vs Armenian Hackers Amid Nagorno-Karabakh Dispute (Hack Read) A group of Turkish hackers going by the online handle of Turk Hack Team (THT) have decided to side with Azerbaijan over the ongoing Nagorno-Karabakh conflict and conducted a series of cyber attacks on Armenian servers earlier today

'Cyber Jihad' Is Coming to America (Fortune) The government says it’s only a matter of time

Islamic State West Africa reaffirms loyalty to al Baghdadi (Long War Journal) The Islamic State West Africa (ISWA), which is more commonly known by its former name Boko Haram, reaffirmed its loyalty to both its local leader Abubakar Shekau and the overall leader of the Islamic State, Abu Bakr al Baghdadi

MedStar IT system mostly back to full operation after cyber attack (WTOP) MedStar Health’s IT systems are back to about 90 percent functionality after a cyber attack last week

MedStar: No Ransom Paid In Cyber Attack (WBAL) MedStar Health officials said Friday that they have not paid any kind of ransom related to a cyber attack on its computer networks

FBI investigating cyber attack on United States hospital group Medstar (Leader Call) MedStar stressed that there is no evidence patient files have been compromised and all facilities will remain open, despite the lack of access to medical records, scheduling computers, internet services, and email. The FBI is investigating, but has not said anything about the source or type of the breach

MedStar hack shows risks that come with electronic health records (Baltimore Sun) Spurred on by the federal government, hospitals in Maryland have moved quickly in recent years to roll out electronic medical records

U.S., Canada issue joint alert on 'ransomware' after hospital attacks (Reuters) The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as "ransomware," which encrypt data and demand payments for it to be unlocked

My Layman’s Terms: The Java Deserialization Vulnerability in Current Ransomware (CyberWatch) There has been a recent wave of ransomware attacks against hospitals, highly publicized and for good reason. Who the hell attacks hospitals with malicious code that locks up access to critical care systems, and puts our most vulnerable at further risk? Well, there’s more to this story than I can reveal here but I’ve been following the trend for months, and here’s what you need to know

Why your medical information is gold for hackers (ITProPortal) The popularity of personal health information (PHI) is increasing among hackers, and its value continues to escalate on the black market

Trouble paying the ransom? This ransomware provides QR code for mobile payment (Graham Cluley) This ransomware believes in making payment easy for its victims

Buying Bitcoin Ransomware for US$100 on Darknet (Bitcoins) Now that Bitcoin ransomware is becoming even more of a global threat, some researchers took it upon themselves to delve deeper into the world of underground marketplaces on the darknet and Internet criminality

Ransomware Authors Break New Ground With Petya (Dark Reading) Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure

Weekly Security Roundup #71: All Ransomware Everything (Heimdal Security) In this past week, ransomware took over the scene. You’ll see that most of the security articles revolve around how easy ransomware spreads, who are the latest victims, how it evolved and how much it affects businesses

An Update on Terracotta VPN (RSA Blog) Yesterday at Black Hat Asia in Singapore, RSA Researcher Kent Backman presented an update on Terracotta, our name for a VPN service marketed in China that we originally reported on in August of 2015. Great Firewall traversal, a primary use case for Terracotta, is commonly marketed to Chinese users

How the EITest Campaign’s Path to Angler EK Evolved Over Time (Palo Alto) In October 2014, Malwarebytes identified a campaign based on thousands of compromised websites that kicked off an infection chain to Angler exploit kit (EK)

New Heap-Spray Exploit Tied to LZH Archive Decompression (Threatpost) Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today

What is Multi Vector DDos attack and why are attackers preferring it ? (CodingSec) Attacks on corporations by hackers has been quite common these days

PHP, Python still fail to spot revoked TLS certificates (Help Net Security) In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs of SSL implementations and data-transport libraries

Recent Verizon Data Breach Was Preceded by Another Screw-Up (Softpedia) It appears that Verizon had problems securing MongoDB databases months before the most recent data breach that allowed hackers to steal at least 1.5 million customer records and then put them up for sale on the Dark Web

iPhone vulnerabilities find an active marketplace (San Francisco Chronicle) After a tumultuous week in which the Department of Justice dropped a controversial legal effort to force Apple to assist the FBI in unlocking an iPhone, there’s much we still don’t know

Cyberthieves’ Latest Target: Your Tax Forms (Wall Street Journal) Companies are on the lookout for an email scam that can wreak havoc on employees’ lives for years

Meet the hacker who rigged elections in 9 Latin American Countries for 8 years (Hack Read) Last month we reported how a Brazilian hacker claimed to have hacked election voting machine in the country and rigged the elections in favor of the political party in power. But, now another hacker has claimed to do the same but on a larger scale

Public warned not to use Santander cash machines by police (Telegraph) The public have been warned by police not to use Santander cash machines over fears they have been "compromised"

BitQuick confirms customer database leak during cyber attack (LeapRate) Bitcoin trading platform BitQuick, which fell victim to a cyber attack about two weeks ago, has provided an update regarding the status of customer data

SQL Injection Allowed Hacker to Steal Data of 237,000 Users from Adult Site (Hack Read) Team Skeet adult website got hacked after a hacker obtained access to its administrative functions. After the hack, the user data stored on the website was being advertised on the Dark Web

Google's Mic Drop Gag Screws Up April Fools' Day Joke (InformationWeek) Google is forced to pull a Gmail April Fools' Day joke called Mic Drop after users accidentally tell off coworkers and employers. However, the search giant had some other gags ready to go

Steam hacker says more vulnerabilities will be found, but not by him (Ars Technica) "It looks like their website hasn't been updated for years"

Security Patches, Mitigations, and Software Updates

How to update Silverlight - or uninstall it completely! (Graham Cluley) Friends don't let friends run out-of-date plugins

Red Hat Wildfly up to 10.0.0 on Windows Blacklist Filter File Information Disclosure ( A vulnerability classified as problematic has been found in Red Hat WildFly up to 10.0.0 on Windows. Affected is an unknown function of the component Blacklist Filter

Cyber Trends

Security can be a competitive differentiator (CSO) Technology has opened a security Pandora's Box

Quarter of Breached Organizations Learn Through Third Parties (Information Management) Cyber attackers are gaining access to valuable, sensitive data such as login and access credentials, according to the 3rd Annual SANS Endpoint Security Survey conducted by SANS Institute and co-sponsored by Guidance Software

Preparing for a future where everything is connected to the Web (+video) (Christian Science Monitor Passcode) At an Atlantic Council event on Thursday, experts said that Internet-connected devices need to be more rigorously defended from hackers to realize their potential

Raising The Stakes For Application Security (Dark Reading) Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?

Cybercrime costs Dutch government, industry €10bn a year (Dutch News) Cybercrime is costing the Dutch government and private sector an estimated €10bn a year according to research by accountancy Deloitte


Bridging the Accountability Gap: Why We Need to Adopt a Culture of Responsibility (re/code) Businesses face a litany of existential threats: Hostile takeovers, talent departures, unpredictable customer behavior and market fluctuations — all deeply familiar risks that leaders have carefully planned for and assessed over decades. Yet these same leaders are often alarmingly unprepared for the most potentially damaging threat — a massive data breach that could mean the loss of everything … all in a matter of seconds

Security can be a competitive differentiator (CSO) Technology has opened a security Pandora's Box

Dell and EMC bare all on merger plans in massive SEC filing (CRN) Go-to-market plans, VMware, rules of engagement and partner programmes all covered in FAQ document

Cybersecurity firm could be first tech IPO in 2016 (USA Today) A cybersecurity firm could be first U.S. tech IPO in 2016

FireEye’s Poised to Grow (Scibility Media) Analyst’s predictions were for a loss of $1.30 for fiscal 2016, but when FireEye released its Q4 2015 earnings, it predicted a potentially more optimistic loss per share of around $1.20-1.27 for 2016

Israel's security industry under spotlight over reported link to San Berardino iPhone battle (Independent) The reported involvement of an Israeli cyber security firm in the iPhone unlocking battle between the FBI and Apple has put the fast-growing industry - with its military connections - into the news

CYBERBIT™, Elbit Systems' Subsidiary, Awarded Contracts Valued At An Approximately $22 Million To Supply Intelligence And Cyber Systems To A Customer In Asia-Pacific (The Street) Elbit Systems Ltd. (NASDAQ and TASE: ESLT) ("Elbit Systems"), announced today that its subsidiary, CYBERBIT Ltd. "CYBERBIT"), was awarded contracts to supply intelligence and cyber analysis and research systems for a country in Asia-Pacific for an aggregate amout of approximately $22 million. The systems will be supplied over a two- year period

Global IAM market to reach 24.55 billion by 2022 (Help Net Security) The global identity and access management (IAM) market is expected to reach USD 24.55 billion by 2022, according to Research and Markets

Wynyard Appoints Sir Iain Lobban as Cyber Security Adviser (Scoop) Wynyard Appoints Sir Iain Lobban as Strategic Adviser on Cyber Security for Its Commercial Customers

Products, Services, and Solutions

Anonymous Browsing: Avira Launches Phantom VPN for Android, Windows Users (Hack Read) Avira is known for developing the very popular, award-winning software Avira Antivirus and it seems the company has been striving to provide web users a secure environment over the web space so that their privacy is not violated nor are their computers

Healthcare organization adopts security as a utility (Network World) Use of ProtectWise enables it to acquire, manage and operate their security architecture from the cloud

Technologies, Techniques, and Standards

Neighborhood Watch: Identifying Early Indicators of the Central Bank of Bangladesh Heist (Recorded Future) As a threat intelligence analyst, the largest impact you make may be the observation of early indicators of compromise (IOCs) on other companies within your industry vertical. When you see the neighbor’s house on fire, the first thing to do is determine whether your house is on fire as well. In early hacks, this equates to “Am I being attacked or am I about to be attacked?”

A beginner's guide to encryption (Christian Science Monitor Passcode) Don't understand encryption or the policy debates around it? Let us walk you through the basics

Why SMBs need threat intelligence (Help Net Security) SMBs need threat intelligenceMost of the innovative work being done in information security comes from to small to medium sized companies

A House Divided Does Not Fall (SIGNAL: CyberEdge) Network segmentation offers a way to meet burgeoning security needs

The role of behavioural biometrics in authentication (ITProPortal) Despite its popularity, it’s well known that the password is one of the least secure forms of authentication

Implementing Disaster Recovery as a Service to avoid losing your business (IT Security Guru) Protecting a business from natural disasters and unwanted trespassers will probably come as second nature. But in the age of a digital revolution, protecting data from cyber intrusion, human error and data loss need to be top of the agenda for all businesses

Devalue data, deter cybercriminals (SC Magazine) The same motivation that has for decades convinced cat burglars to sneak in through open windows and pilfer jewels from the dresser drawers of their sleeping victims moves cybercriminals to slither around in cyberspace to steal data: It's valuable. And easy to get to

7 Cybersecurity Tips For Lawyers (Above the Law) This past week, the world learned about the big hack of Biglaw. If your employer was one of the almost 50 firms prestigious enough to be targeted by Russian hackers… congrats?

Design and Innovation

Encryption we can trust: Are we there yet? (Help Net Security) Encryption is arguably the most important single security tool that we have, but it still has some serious growing up to do

Microsoft’s disastrous Tay experiment shows the hidden dangers of AI (Quartz) Humans have a long and storied history of freaking out over the possible effects of our technologies


Military, Government Focus on Statewide Cyber Education (SIGNAL) STEM in Hawaii is boosted to sow seeds for cyber personnel

Legislation, Policy, and Regulation

UK sets up new cyber security centre to protect defence networks and systems (Domain-b) The UK is setting up a new cyber security centre designed to protect Ministry of Defense (MoD) networks and systems from ''malicious actors'

Brussels terror attacks: Why ramping up online surveillance isn’t the answer (Ars Technica) Op-ed: Brief moratorium needed on calls for new spying laws after atrocities

How Should the World Respond to Terrorism? (Defense One) We invert the classic Q&A to explore the complexities influencing global responses to terrorism today

Army tells officers to fight battlefield intelligence system in Congress (Washington Times) An internal Army memo is calling on officers to fight legislation from a Marine veteran in Congress who wants to mandate fixes to a complex intelligence computing network panned by soldiers at war

Navy withdraws intel boss nominee, furthering uncertainty (Navy Times) The Navy’s top officer is withdrawing the nomination of Rear Adm. Elizabeth Train to take over as director of naval intelligence and replace the three-star who has been hamstrung for more than two years by a lack of access to secret information

Litigation, Investigation, and Law Enforcement

Die Geheimnisse des schmutzigen Geldes (Süddeutsche Zeitung) Enge Vertraute des russischen Präsidenten Wladimir Putin haben in den vergangenen Jahren offenbar mehr als zwei Milliarden Dollar durch Das Netzwerk

Offshore Links of More than 140 Politicians and Officials Exposed (International Consortium of Investigative Journalists) A new investigation published today by ICIJ, the German newspaper Süddeutsche Zeitung and more than 100 other news organizations around the globe, reveals the offshore links of some of the planet’s most prominent people

Documents leaked from a Panamanian law firm reveal a global web of corruption (TechCrunch) t started with a single, encrypted message to the Suddeutsche Zeitung, and what it has become is, quite simply, the biggest leak of private documents yet seen on the Internet

What to Know About the ‘Panama Papers’ Leak (Time) The 11.5 million documents released this week implicate several world leaders and their families

A massive leak of documents connects Putin and other world leaders to offshore deals (Quartz) Some 72 current or former heads of state, including Russia’s President Vladimir Putin, have been linked with secret offshore deals following a leak of 11 million papers from one of the world’s largest offshore law firms, Mossack Fonseca

The five most important graphs from these Panama Papers leaks (Quartz) It’s being described as the “biggest leak in history.” Over 11 million confidential documents were released from the Panamanian law firm Mossack Fonseca, which has been described as the world’s fourth-largest provider of offshore services

FBI offers crypto assistance to local cops: “We are in this together” (Ars Technica) After iPhone unlock in San Bernardino, FBI re-assures police it will try to help

FBI takes heat for keeping iPhone hack details under wraps (Macworld via CSO) Criticism is mounting as the agency is reportedly trying its iPhone cracking method on more devices

Has Reddit been served with a National Security Letter? (Help Net Security) Reddit has published its 2015 Transparency Report, and there is one thing missing from it: the entire section about national security requests

Apple Vs. The FBI: Protecting The Poetry Of Code (InformationWeek) If the FBI had succeeded in its attempt to have Apple write a new version of iOS (FBiOS, perhaps?), then what would a tech vendor have been required to do next?

Reddit’s warrant canary is now pushing up the daisies (Naked Security) Reddit’s warrant canary has disappeared, leaving nary a metaphorical feather in its wake after it flew the company’s latest transparency report

Hillary Clinton says the FBI hasn't asked to interview her about email server (Los Angeles Times) Hillary Clinton said Sunday that the FBI has not asked to question her about her use of a private email server when she was secretary of State, a controversy that has dogged her presidential bid

U.K. man convicted of plotting to attack U.S. troops in Britain (Military Times) A British delivery driver was convicted Friday of planning to attack American military personnel in the U.K. in a plot inspired by the Islamic State militant group

Marcel Lazar aka Guccifer Hacker Facing Criminal Charges (Hack Read) Marcel Lazar, aka Guccifer, is a Romanian hacker who managed to break into computer accounts of high-profile political figures and is now paying the price of his malicious deeds

A spiritual successor to Aaron Swartz is angering publishers all over again (Ars Technica) Meet accused hacker and copyright infringer Alexandra Elbakyan

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event...

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...

Upcoming Events

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world.

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event...

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing...

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills...

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.