skip navigation

More signal. Less noise.

Daily briefing.

Lithuania's parliamentary website was blocked with a DDoS attack yesterday as it prepared to webcast coverage of the World Congress of Crimean Tartars. The session whose coverage was temporarily blocked intended "to discuss mass violations of human Rights in Russian-occupied Crimea." Lithuanian authorities say the attack came "from abroad."

The US Federal Deposit Insurance Corporation (FDIC) sustained an "inadvertent breach" in February that affected records of some forty-four thousand customers. A departing employee downloaded files into a personal storage device, then took the device and the data. Both were returned shortly thereafter when the FDIC realized what had happened. No data appear to have been transferred or released.

BAE warns that a new, polymorphic version of Qbot malware is circulating in the wild. It's proving unusually evasive and difficult to interdict.

Heimdal reports that Atmos, an evolution of Zeus by way of Citadel, is actively targeting banks in France. It's also being delivered in conjunction with Teslacrypt.

A fresh strain of Android ransomware, known for now as "ANDROIDOS_SLOCKER.AXBB," has been reported by Trend Micro. The strain typically infests adult websites.

Cisco's Talos Labs is warning that "cryptoworms" appear to represent the future of ransomware. They're self-spreading, and require little or no user interaction to infect systems.

Some analysts boldly claim that shadow IT may have the sort of silver lining hitherto seen in BYOD.

Dell SecureWorks has a valuation as it approaches its IPO: $1.42 billion.

The US may ask for complete renegotiation of the Wassenaar cyber arms control accord.


Today's issue includes events affecting Angola, Canada, European Union, France, Iraq, Israel, Lithuania, Nigeria, Netherlands, Panama, Philippines, Russia, Syria, Ukraine, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) ITSEF introduces entrepreneurs to government, business and investment leaders for open collaboration on cybersecurity challenges. Register today.

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Lithuanian parliament under cyber attack (Euractiv) Lithuania’s parliamentary website came under cyber attack yesterday (11 April) just as a special session of the World Congress of Crimean Tartars was meeting to discuss mass violations of human Rights in Russian-occupied Crimea

The Panama Papers: Shadow networks and how they operate (Global Risk Insights) The revelation by the Panama Papers that some of the world’s rich and powerful hide money and assets abroad is not a new one. The extent to which they do it, the level of systematization and its unexpected connection to some of the poorest, conflict ridden regions of world is baffling

Saucy public servants exposed – targets for cyber criminals (IT Wire) And you thought public servants led dull, colourless lives. Cyber criminals are out to provide otherwise – unless you pay

‘Inadvertent’ cyber breach hits 44,000 FDIC customers (Washington Post) In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers was breached by an employee leaving the agency

BAE Systems sounds security klaxon over Qbot malware (Inquirer) Qbot ain't no BB9. Steady yourselves. The security threat diviners at BAE Systems have warned of a modified instance of Qbot that is bad news for you and your systems

Security Alert: Citadel Trojan Resurfaces as Atmos, Carries on the ZeuS Legacy (Heimdal Security) More than 6 months after its creator was sentenced to prison, the infamous Citadel malware resurges in a modified form, called Atmos. The new strain is currently targeting banks in France and it was also spotted being delivered with Teslacrypt. Here’s the full story

More big-name sites hit by rash of malicious ads that attack end users (Ars Technica) Some of Netherlands' top sites ran ads that redirected to the Angler exploit kit

New Android Ransomware Identified By Trend Micro (Android Headlines) It seems as if it is almost weekly when a new virus, malware or other form of Android-related security or privacy issue arises and today is marking the latest noted issue. In fact, the issue came to light yesterday when Trend Micro published a blog post on a new malware which is going by the ANDROIDOS_SLOCKER.AXBB tag. As is usually the case, the details here are not meant as a form of scaremongering and instead are simply intended to keep Android device owners informed

Meet The Cryptoworm, The Future of Ransomware (Threatpost) Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come

Self-spreading ransomware next computer threat, Cisco Systems says (CBC) Samsam or Samas strain encrypts large databases and locks out authorized users until ransom paid

Imagining The Ransomware Of The Future (Dark Reading) Cisco Talos Lab paints a dark picture of what ransomware could have in store next

Security experts find ‘no cure’ for ransomware (Financial Times) When an administrator at Brown University downloaded an invoice she received by email, she did not expect it to kidnap data from her and her colleagues’ computers, encrypt it and demand a ransom for its release

What’s in a Name? For Crimeware and DDoS Sellers, Everything! (Recorded Future) A recent OVERFLOW DDoS BOT Web advertisement serves as a good example for scalable threat assessment and prioritization workflow

Watch out! There are Apple ID SMS phishers about! (Graham Cluley) "Your Apple ID is due to be expire today"... yeah, right

Cyberattackers Find Coveted Openings in Easy-to-Fix Network Vulnerabilities (Legaltech News) While network vulnerabilities and the rise of DIY servers provide openings for hackers, simple network fixes can prevent up to 85 percent of these cyberattacks

Moxa Won’t Patch Publicly Disclosed Flaws Until August (Threatpost) A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT)

Baddies' brilliant plan to get mobile malware whitelisted: Bribery (Register) App developers like money too

Scammer fakes kidnapping using information posted on Facebook (Naked Security) Conjure up your greatest fear about posting stuff on social media. Got it? It can’t be too much worse than what seems to have happened to Hector Martinez

Bulletin (SB16-102) Vulnerability Summary for the Week of April 4, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Just say NO to Adobe Flash Player -- emergency patch vs. Cerber ransomware (Computerworld) Adobe Systems’ Flash Player software is vulnerable (again). Ransomware is exploiting it. So patch now—or just uninstall it already!

Microsoft Outlook users with Office 365 get a security perk: Unsafe email warnings (PCWorld) Think of it as another layer of armor protecting you from spammers and phishing attacks

Facebook to tackle how shady advertisers rip off users (Naked Security) “If you can smell it, is that good for you?”

Cyber Trends

The rise of shadow IT (WhaTech) Question: what does BYOD have in common with shadow IT? Answer: they both started out as headaches for CIOs but have now become, or are becoming an accepted, and valued part of corporate IT

The inconvenient truth about API security (Help Net Security) Ovum Consulting asked IT and security professionals across a variety of industries globally about their use of APIs, adoption of API management platforms, and the security features included in those platforms

6 Cyber Surveys to Know: Ever-Evolving Needs for Data Security (Legaltech News) Exponential increases in data volume reveal new information governance needs. These surveys shed insights on the issues around big data

Keeping a grip on cyber risk, regulation increasingly challenging (Business Insurance) Forecasting critical risks is becoming increasingly more difficult, according to the 13th annual “Excellence in Risk Management” report released Monday by Marsh L.L.C and the Risk & Insurance Management Society Inc


Dell Preps for SecureWorks IPO as Cybersecurity Stocks Shine (The Street) Dell is making headway toward its spinoff of cybersecurity arm SecureWorks Inc., highlighting the strength of the cybersecurity sector amid an otherwise tough market for tech IPOs

Dell's SecureWorks valued at $1.42 billion in year's first tech IPO (Retuers) Dell Inc's [DI.Ul] cyber security unit, SecureWorks Corp, could be valued at up to $1.42 billion in its initial public offering, the first major U.S. listing of a technology company this year

BAE Taps Cyber Skills Honed for Spooks to Win Clients (Bloomberg Technology) In January, BAE Systems Plc got a routine call from a new client: The health-care company’s computer systems were mysteriously crashing. BAE’s sleuths soon discovered a dangerous new strain of a virus called Qbot

Gil Shwed threatens to move Check Point abroad (Globes) The Israeli IT security company's founder and CEO has complained about Check Point's tax burden

The 'Darth Vader' of Cyberwar Sold Services to Canada (Vice News) Documents show the Canadian military paid thousands of dollars to one of the world's most infamous cyber security firms at least twice

7 Hot Security Analytics Startups (eSecurity Planet) IT security startups are bringing technologies such as Big Data, predictive analytics and machine learning to the front lines of the cyber war. While most security analytics tools are marketed as adjuncts to existing security infrastructure, that could change as organizations explore their options and test drive these new tools

Bitcoin Messiah Patrick Byrne’s Medical Leave Could Rattle Blockchain’s Future (Wired) CEO and chairman Patrick Byrne has taken an indefinite medical leave of absence from the company, a decision will be felt most among the worldwide community working to advance bitcoin and the bitcoin blockchain

GSA Federal Acquisition Service Issues RFI on Cybersecurity Services for Gov’t Agencies (ExecutiveBiz) The General Services Administration is requesting information on existing cybersecurity services in the market that could meet the needs of government agencies

The four qualities of a successful cyber security start-up (Information Age) Investment in cyber security startups is increasing, but what will make a company the next big success story?

3 Steps to Thriving in One of Cybersecurity's 1 Million Open Positions (SecurityWeek) Cisco's John Stewart believes there are roughly a million security role vacancies, and this gap is now officially a crisis

MITRE Appoints Dr. Jay Schnitzer Vice President and Chief Technology Officer (MITRE) The MITRE Corporation appointed Dr. Jay Schnitzer vice president and chief technology officer (CTO)

Duo Security Hires Ambrosia Vertesi as Vice President of People & Culture (PRNewswire) Duo Security, a cloud-based trusted access provider protecting the world's largest and fastest-growing companies, today announced that it welcomes to the executive team Ambrosia Vertesi as Vice President of People. Ambrosia was most recently Vice President of Talent at Hootsuite, where she spearheaded the company's hyper growth - from twenty to nearly a thousand employees globally in four years

RSA Picks Up Former Fortinet CMO, New Head Of Global Services (CRN) RSA is bolstering its executive lineup ahead of its parent company's pending purchase by Dell, adding Holly Rollo as chief marketing officer and Doug Howard as vice president of global services

DarkMatter Appoints Ex-Cisco Veteran Senior Vice President of Sales, Marketing & Business Development (PRNewswire) Rabih Dabboussi spent 20 years with Cisco in various leadership roles, most recently as Managing Director of Cisco UAE

Brooke Seawell Joins Malwarebytes Board of Directors (BusinessWire) Seawell brings more than 30 years of finance, operations and board leadership

Products, Services, and Solutions

Customized cyber coverage offered with $100 million in limits (Business Insurance) Beazley Group P.L.C. and a unit of Munich Reinsurance Co. Ltd. unit have entered into a coinsurance partnership to provide buyers with cyber limits up to $100 million or €100 million and coverage that is tailored, the insurers announced Monday

QA launches cyber attack defence training facility in London (ComputerWeekly) Training firm QA launches a cyber attack simulation facility in London to enable organisations to test and learn cyber defence skills

Your Data on a Date: Data Security for Every Occasion (IBM Security Intelligence Blog) You know how it is: They’ve met online, the attraction has built, and now they are going on their first date

A10 Networks Releases Fourth Generation Appliance Line (eWeek) A10 Networks' products have a variety of form factors, including physical, software or cloud-based, ensuring flexibility

Webroot: Smarter Cybersecurity & All the Protection Your Devices Need (Movie TV Tech Geeks) We’ve always known that malware, hackware, and most other wares are out there on the big bad internet, but this year, a new vicious one called ransomeware has been created

Technologies, Techniques, and Standards

Petya ransomware encryption has been cracked (Help Net Security) Petya ransomware hit companies hard, but the good news is that there are now tools available to get the encrypted files and locked computers back

Lateral Movement: When Cyber Attacks Go Sideways (SecurityWeek) Finding and stopping cyber attacks has become a key priority for everyone from the C-suite all the way to the frontline security and network administrator

European telcos join ETIS cybercrime initiative (Telecompaper) Global telecoms association ETIS has joined forces with Proximus, KPN, Swisscom and A1 Telekom Austria to launch an initiative aimed at professionalising the exchange of cyber threat intelligence among European telecoms providers

How to keep the IoT predators at bay (Computer Business Review) Opinion: Huntsman Security's Piers Wilson looks at the Internet of Things and how businesses can protect themselves from the potential threats

Why the FBI director puts tape over his webcam – and you should too (Naked Security) FBI Director James Comey gave a speech at Kenyon College in Ohio last week, making his case that “absolute privacy” has never existed in America – until now, when encryption by default creates spaces where law enforcement can not go, even with a court order

Design and Innovation

How monitoring behaviour could unmask the fraudsters (BBC) Thieves and fraudsters want to get their hands on our cash and data. And these days they can attack us from all corners of the globe

Click flicks and Hollywood hackers (Raytheon) Real-life cyber experts review the best and worst movie hackers

Hackers set to infiltrate New York film festival (Christian Science Monitor Passcode) Why DEF CON, one of the world's premiere hacker conferences, is setting up shop at one of the nation's top film festivals

Killing Clippy: Lessons in Usability & Legacy Code (Duo Security) Ah, Clippy. Some of us remember that creepy animated assistant that came pre-installed in Microsoft Office in the late 90s

Do GPU optimized databases threaten the hegemony of Oracle, Splunk and Hadoop? (Diginomica) GPU optimized databases are rapidly moving from science project to business reality. Here’s what it means


Registration Opens for U.S. Cyber Challenge’s Annual Cyber Quests Competition (US Cyber Challenge) U.S. Cyber Challenge opened registration today for the 2016 Cyber Quests online competition

Call for Papers: Journal of Cybersecurity Research (JCR). (Journal of Cybersecurity Research) The Clute Institute seeks quality journal manuscripts in cybersecurity research for publication in JCR. Inquires and manuscripts should be submitted to Accepted manuscripts are published open access (free of charge) on the Internet

Stanford launches new online courses in computer security (PRNewswire) Staying ahead in the cyber security game is critical to defending against new threats. To protect against cybercrime, corporations, business and government must continuously update their security measures and keep employees properly trained

Universities aren’t doing enough to train the cyberdefenders America desperately needs (Washington Post) The threat of hacking seems to lurk around every corner, but American universities may not be doing enough to prepare the next generation of cyberdefenders

Legislation, Policy, and Regulation

Hashtag warfare: Anti-ISIS coalition looks to enhance its online messaging (Military Times) The U.S.-led military coalition battling the Islamic State group is expanding its online messaging efforts, launching a new digital hub intended to showcase the campaign's scope and successes, and making more deliberate moves on social media

Back to the drawing board on Wassenaar (Politico) An international summit is taking place this week in Vienna, where the United States is set to advocate renegotiating export controls that provoked widespread fears they would cripple the American cybersecurity industry, multiple sources told MC

European regulators to issue opinion on data transfer deal (The Hill) European privacy regulators are set to issue an opinion this week on a pending data transfer deal between the United States and the European Union

U.S. Senate Working on New Encryption Bill (Legaltech News) The pending legislation seeks to provide technical assistant to law enforcement when dealing with decrypted information, but privacy advocates cry foul

U.S. Bill Would Prioritize Cybersecurity at the Board Level (Lexology) In recent years, there has been an increase in the frequency and sophistication of cybersecurity attacks on both businesses and governments

Rep. Katherine Clark's crusade against the Internet's tormentors (Christian Science Monitor Passcode) The congresswoman from Massachusetts has made stamping out online harassment one of her signature issues and as a result has felt the slings and arrows of the hoards of digital harassers

US DoD prioritises cyber hardening (IHS Jane's) US Cyber Command (CYBERCOM) will be "Shifting from a focus on building the command to an emphasis on operationalising, sustaining, and expanding its capabilities" according to US Navy Admiral Michael Rogers, commander of the US Cyber Command (CYBERCOM), director of the National Security Agency (NSA), and chief of Department of Defense (DOD) Central Security Services

Soldiers and operators shift towards cyber electromagnetic activities (Homeland Prep News) The United States Army Cyber Command announced last week that soldiers and operators at the corps level or below will be shifting towards cyber electromagnetic activities (CEMA)

Litigation, Investigation, and Law Enforcement

British Border Force Hacked Refugees’ Laptops and Phones for 3 Years (Hack Read) As expected, the news sparked outrage amongst civil right groups and rape victim campaigners who claimed it was distressing to know the British government could target some of the most vulnerable people in a society like that

Obama ‘neither sought nor received’ briefing on Clinton email probe (The Hill) President Obama has neither requested nor received confidential briefings about federal investigations into Democratic presidential front-runner Hillary Clinton’s private email server, and his only source of knowledge is public news reporting, the White House said on Monday

Past cases suggest Hillary won’t be indicted (Politico) A Politico review shows marked differences between her case and those that led to charges

Charge Sheet Details Case Against Sailor Accused of Spying for China ( A U.S. Navy officer accused of giving defense secrets to the Chinese government is Lt. Cmdr. Edward Lin, an official confirmed to on Monday

Accused spy served in one of Navy's most shadowy squadrons (Military Times) A U.S. Navy officer charged with spying for a foreign power worked at one of the service's most elite reconnaissance squadrons, whose operations are shrouded in secrecy

Did an Accused Navy Spy Trade Secrets for Sex? (Daily Beast) He says he grew up dreaming of Disneyland in his native Taiwan. But after he joined the U.S. Navy, defense officials say, accused spy Edward Lin’s life took a much darker turn

Documentaries about an expert convicted of leaking classified information (Help Net Security) Stephen Kim was a top level state department intelligence analyst. He went to prison under the Espionage Act

Ex-US Scientist Sentenced in Attempted Cyber-Attack (AP via ABC News) A former Nuclear Regulatory Commission scientist has been sentenced to a year and a half in prison for plotting a cyberattack on federal government computers. Charles Harvey Eccleston was sentenced Monday in Washington's federal court

Cybersecurity Expert Caught in FBI Mass Hack Gets Two Days Jail Time (Motherboard) The Department of Justice has charged at least 137 people in the US with child pornography related crimes, after the FBI used a hacking tool to identify visitors of a large site on the so-called dark web. Many of those people are facing years in prison. One person caught has avoided any serious jail time altogether though: Brian Haller, a former cybersecurity employee at Booz Allen Hamilton who himself has ties to the government

Publishers Strike Back at a Browser That Replaces Their Ads (Wired) Javascript creator Brendan Eich’s plan to flip web advertising on its head just hit a legal snag

First came the Breathalyzer, now meet the roadside police “textalyzer” (Ars Technica) Drivers in accidents could risk losing license for refusing to submit phone to testing

Sony Breach Settlement Reached (Dark Reading) Sony agreed to provide three years of identity theft protection to victims of data breach

How an internet mapping glitch turned a random Kansas farm into a digital hell (Fusion) An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Security through Innovation Summit (Pentagon City, Virginia, USA, April 14, 2016) The Security Through Innovation Summit will bring together top thought leaders and innovators from the Gov IT community to discuss the latest trends in public sector cybersecurity, including cloud deployments,...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

Upcoming Events

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills...

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

Cloud Security Expo 2016 (London, England, UK, April 12 - 14, 2016) Cloud Security Expo is a cloud security event with over 80 dedicated cloud security exhibitors, seven streams of content, over 150 security speakers, and 40 real cloud security and compliance case studies.

ACSC Conference 2016 (Canberra, Australia, April 12 - 14, 2016) The ACSC Conference 2016 will bring together experts from Australia and abroad to discuss trends, mitigations and advances in cyber security. CEOs, CIOs, CISOs, CTOs, ICT Managers, ITSAs, ITSPs, IRAP Assessors,...

CISO Dallas (Dallas, Texas, USA, April 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Security through Innovation Summit (Pentagon City, Virginia, USA, April 14, 2016) The Security Through Innovation Summit will bring together top thought leaders and innovators from the Gov IT community to discuss the latest trends in public sector cybersecurity, including cloud deployments,...

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...

2016 Cybersecurity Symposium ( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes...

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB...

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.