Daily briefing.

Philippine police make an arrest in the Commission on Elections (Comelec) hack that compromised some 55 million voter records. The Manila Bulletin and the International Business Times are reporting that the person arrested was known as a white-hat hacker committed to responsible disclosure. The hack hasn’t halted elections; they’re being held on schedule.

Mexican authorities are dealing with public exposure of 93 million voters’ data. A misconfigured MongoDB has apparently been sitting on an Amazon Web Services account since September 2015. The data were pulled this morning, according to Salted Hash.

JIGSAW and CryptXXX ransomware continue to find victims. The surge in ransomware seems correlated with higher levels of Nuclear exploit kit use.

Cisco has patched several of its products, most prominently denial-of-service vulnerabilities in wireless LAN controllers. Earlier this week Oracle released 136 patches for a wide variety of offerings.

In industry news, SecureWorks priced its initial public offering last night. Stock will initially be offered at $14 per share, somewhat lower than the expected $15.50-$17.50. SecureWorks will trade under the SCWX ticker symbol.

Chip-and-PIN technology is coming to US retail, but not without recriminations. Merchants complain that card companies are too slow in certifying EMV software.

FireEye suggests that China may really have backed away from hacking for economic advantage. The country’s strategic shift away from manufacturing appears to lie behind the change.

The FBI paid at least $1.3 million for a zero-day that let them access the San Bernardino jihadist’s iPhone. The Bureau considers it a bargain.

Notes.

Today's issue includes events affecting Algeria, China, Israel, Mexico, Philippines, Thailand, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll learn about Stingrays and mobile privacy from the University of Maryland's Ben Yelin. And Joe Opacki of Phishlabs will talk to us about the growing sophistication of phishing schemes.

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) ITSEF introduces entrepreneurs to government, business and investment leaders for open collaboration on cybersecurity challenges. Register today.

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Dateline SINET ITSEF 2016

SINET IT Security Entrepreneurs Forum (ITSEF) 2016: "Bridging the Gap Between Silicon Valley and the Beltway" (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Closing Thoughts on SINET ITSEF 2016: Managing Risk, Making it Easy on Your Customers (The CyberWire) We offer some quick notes and reflections on the closing sessions of SINET’s ITSEF 2016. The panels and presentations we describe today will, we believe, be of interest to the entrepreneur

Cyber Attacks, Threats, and Vulnerabilities

MongoDB configuration error exposed 93 million Mexican voter records (CSO) According to Mexican law, it's illegal to use voter records for personal gain

Databases Remain Soft Underbelly Of Cybersecurity (Dark Reading) Most enterprises still don't continuously monitor database activity

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings (Ars Technica) Exploit kit's inner workings exposed as researchers help shut down its servers

JIGSAW Takes Crypto-Ransomware in Deadly Directions (IBM Security Intelligence) Horror films are being leveraged by the crypto-ransomware pushers in pursuit of your money. One ransomware strain, JIGSAW, uses the characters from the film “Saw” to instill fear into its victims

CryptXXX ransomware steals bitcoins and data from infected PCs (Graham Cluley) Ransomware asks for $500, and steadily increases its demands over time

A Brief History Of Ransomware (Dark Reading) A top ten chronicle of more than a decade of notable ransomware variants and trends

New point-of-sale malware Multigrain steals card data over DNS (IDG via CSO) The malware was designed for stealth operation inside restricted PoS environments

PoS Attacks Net Crooks 20 Million Stolen Bank Cards (Threatpost) In a storyline that rivals an episode of The Sopranos, researchers at FireEye documented the heist of bank card data from 20 million individuals that involved a complex web of crooks that may have netted hackers more than $100 million since 2014

How Hackers Have Honed Their Attacks (Dark Reading) More organizations are getting breached, but data exfiltration is becoming harder for attackers, new data shows

SIM-Swap Fraud: Don't be a Victim! (Check & Secure) While many of us regularly use mobile devices for banking, most of us (60-80%) remain suspicious and do little more than check our balance using mobile devices

Critical Infrastructure Vulnerable to Attack, NSA Leader Says (US Department of Defense) Strong dependence on industrial control systems, or ICS, is a serious vulnerability for industry, the National Security Agency’s deputy director said here yesterday

Giant Food Sees Giant Card Fraud Spike (KrebsOnSecurity) Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards

Security Patches, Mitigations, and Software Updates

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products (CSO) One of the vulnerabilities is critical and the rest are rated as high severity

Oracle releases 136 security patches for wide range of products (IDG via CSO) The company has adopted the new CVSS 3.0 vulnerability rating system, resulting in a larger number of flaws rated as high and critical

29% of Android devices can’t be patched by Google (Naked Security) Google on Tuesday released the second annual security report on its “toxic hellstew of vulnerabilities,” or what the rest of us know as Android

Cyber Trends

Is It Time to Rethink Cyber-Security Strategies? (Baseline) Despite the efforts devoted to thwarting cyber-attacks, the threats keep growing, and many question whether conventional methods are enough to protect a company

5 Reasons Cybercriminals Target Healthcare (Dark Reading) Cybercriminals are increasingly targeting healthcare institutions and successfully deploying malware and ransomware to exploit hospitals' need to recover quickly

Marketplace

As Pentagon Dawdles, Silicon Valley Sells Its Newest Tech Abroad (Defense One) A trio of tech CEOs say red tape and onerous requirements are undermining Ash Carter’s outreach efforts

SecureWorks Prices IPO Of 8 Mln Class A Common Stock At $14 A Share (RTT News) SecureWorks Corp. (SCWX), a provider of intelligence-driven information security solutions, announced late Thursday the pricing of its initial public offering of 8 million shares of its Class A common stock at a price to the public of $14 per share

Cyber Security Company SecureWorks Prices Year's First Tech IPO (Fortune) The computer security company is the first tech IPO of 2016

Palo Alto: Under Appreciated Free Cash Creates Opportunity (Benzinga) Palo Alto Networks Inc (PANW) shares have lost 8 percent since March 22. Morgan Stanley’s Keith Weiss maintained an Overweight rating for the company, while raising the price target from $171 to $185. The analyst mentioned that a 40 percent 3-year FCF CAGR made Palo Alto a Top Pick among Security stocks

Unisys CEO: Security Sales Set To Soar As Cybersecurity Software Is Taken Global (CRN) Unisys plans to double down on security-oriented consulting, infrastructure and managed services, and to extend its Stealth cybersecurity offering to vertical practices around the planet

Check Point chugs on: Profits and revenues up despite volatile market (Register) CEO warns that he's 'cautious as regards overall IT industry spending'

Proofpoint Inc (PFPT) Issues FY16 Earnings Guidance (Más) Proofpoint Inc (NASDAQ:PFPT) issued an update on its FY16 earnings guidance on Thursday morning. The company provided EPS guidance of ($0.15)-(0.13) for the period, compared to the Thomson Reuters consensus EPS estimate of ($0.23), Marketbeat.com reports. The company issued revenue guidance of $350.5-353.5 million, compared to the consensus revenue estimate of $347.79 million. Proofpoint also updated its Q2 guidance to ($0.08)-(0.07) EPS

Cybersecurity startup formerly known as ThreatStream raises $30M (Silicon Valley Business Journal) Cybersecurity software startup Anomali, formerly known as Threatstream, raised $30 million on Thursday to expand internationally

CORRECTION - Bugcrowd Raises $15 Million to Bring Its Bug Bounty Security Platform to More Companies Around the Globe (Marketwired) In the news release, "Bugcrowd Raises $15 Million to Bring Its Bug Bounty Security Platform to More Companies Around the Globe," issued yesterday, April 20th, 2016, by Bugcrowd, we are advised by the company that the fifth paragraph has been amended

Intel's CEO Can't Seem To Shake John McAfee's Name (Forbes) In a presentation he delivered at the popular CES show in January 2014, Intel CEO Brian Krzanich said the chip giant would be eliminating the McAfee name from its security business and rebranding to Intel Security

Cyphort Named a Leader by Independent Research Firm in Automated Malware Analysis Report (BusinessWire) Cyphort cited for approaching analysis differently in both messaging and technology

SecureAuth Opens Federal Headquarters in Dulles Technology Corridor (MarketWired) SecureAuth Corporation, the leader in adaptive access control, today announced the official opening of its Reston, Virginia office. The office, strategically located in the Dulles Technology Corridor, will function as SecureAuth's federal headquarters and base for east coast members of the company's sales, marketing, pre-sales, customer development, support and professional services teams

Products, Services, and Solutions

Quick Assessment With Recorded Future Malware Intel Cards (Recorded Future) Staying on top of new malware families and variants is critical intelligence for many threat teams

Versasec Unveils vSEC:CMS 4.4 Smart Card Lifecycle (Versasec) New version of smart card management system focuses on performance, verifiable results

CyberX and Check Point Partner to Secure Industrial Networks (PRNewswire) CyberX, the pioneering provider of security solutions for industrial networks and Check Point® Software Technologies (NASDAQ: CHKP), have partnered to secure mission critical networks in the industrial arena. The joint offering delivers a high-level of protection with a proactive security solution ensuring industrial networks security

How a Secret Strategy Helps BlackBerry and Microsoft Solve Government’s Mobile Problem (IT Business Edge) Every once in a while, I run into something amazing. In this case, it is an effort announced at the AFCEA Defensive Cyber Operations Symposium that should ensure that BlackBerry and Microsoft dominate government and high-security enterprise mobile solutions, an effort that is not actually driven by Microsoft or BlackBerry

Future of anti-virus is pay-as-you-use (ITWeb) Pay-as-you-use Internet protection – the vision behind Panda Protection Service. "This 2016 product launch is just the tip of the iceberg," says Rado Svicin, VP of Consumer Business at Panda Security. Flexible and affordable protection the main aim

Technologies, Techniques, and Standards

Chip card payment confusion, anger rages on (CSO) Merchants blame card companies for delays in certifying EMV software

How Best To Back Up Your Data In Case Of A Ransomware Attack (Dark Reading) A ransomware attack could be around the corner, but there are some practical steps you can take to back up your data and deflect the attack

Speed is Key to Threat Intelligence Sharing at Every Level (MeriTalk) Speed and communication are key elements to effective threat intelligence in the government, according to panelists at the Akamai Government Forum on Thursday

Misunderstanding Indicators of Compromise (Threatpost) Reports of APT activities detail compromises spanning multiple organizations, sectors, industry verticals, and countries (over multiple years)

IDF's IT unit head: 'Our enemy understood it can try to shut us down with a cyber attack' (Jerusalem Post) Driven by rising enemy capabilities to launch cyber attacks that could paralyze IDF operations, the military unit in charge of IT infrastructure held a large-scale cyber war drill on Thursday, testing its ability to switch to shadow facilities in the event of a shut down

Security Lessons from C-3PO, Former CSO of the Millennium Falcon (Dark Reading) The business will take risks. When and how to speak up

Design and Innovation

Convergence Of Operational Risk And Cyber-Risk management in FS21 (FinExtra) Recent reports confirm the trend towards ever more serious cyber-security breaches: “90 percent of large companies have suffered a data breach over the last year, compared to 81 percent last year” (PwC report) and “Nearly half the population of the United States has been affected by breaches of protected health information (PHI) over the past 10+ years” (Verizon Report). On a similar upward curve are the number of papers, methods and tools which offer advice and guidance on risk management and regulatory compliance monitoring

Mea Culpa: Time To Build Security Into Connectivity (Dark Reading) How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell

Academia

University of Oregon: cybersecurity looks for students to counter the dark art of hacking (Register-Guard) The University of Oregon is bringing top cybersecurity experts to campus Friday for its sixth annual Oregon Cyber Security Day — and the event couldn’t be more timely

UC Recognized as a Leader in Cybersecurity Education (University of Cincinnati) UC's School of Information Technology has been designated a National Center of Academic Excellence in Cyber Defense Education

Illinois State meets growing need for cybersecurity professionals (Illinois State University) It’s a great time to be a cybersecurity professional.

Augusta needs to embrace cyber growth, AU president says (Augusta Chronicle) The relocation of the U.S. Army Cyber Command to Fort Gordon will create spinoff companies and jobs, but Augusta has to be ready to take advantage of that, Augusta University President Brooks Keel told the Augusta West Rotary Club on Thursday

Legislation, Policy, and Regulation

Why One Cybersecurity Firm Says China Has Soured on Conventional Hacking (Wall Street Journal) One of the most surprising recent moments in U.S.-China relations arrived last September in Washington D.C. when Barack Obama and Chinese President Xi Jinping told reporters they’d reached a deal to end state-supported hacking of corporate records for economic benefit

Fmr. NSA Director: U.S. Needs Security, Privacy (Fox Business) Top military and industry leaders convened at a cyber-summit at West Point, New York Thursday to discuss the latest advancements and struggles in America's fight against cyber terrorism

Lawmakers Want Updates on Pentagon’s Security Clearance Overhaul (Nextgov) House lawmakers want quarterly updates as the Defense Department builds a new state-of-the-art system to store sensitive background investigation forms on national security employees and contractors

Government CIOs Lean Toward Cloud for Security (MeriTalk) Cloud computing offers the most security for government data, argued Homeland Security CIO of U.S. Citizenship and Immigration Services Mark Schwartz, at the Akamai Government Forum on Thursday

DOD wants to stop playing 'whack-a-mole' on cyber (Defense Systems) The Defense Department is looking to get more proactive in defending its information network, rather than simply responding to attacks

Litigation, Investigation, and Law Enforcement

Philippines Cyber Cops Arrest "White Hat" Hacker Suspected of Exposing 55 Million Voters' Details (International Business Times) Law enforcement in the Philippines claim to have arrested one of the hackers involved with the breach of the country's Commission on Elections (Comelec). The National Bureau of Investigation (NBI), which is tasked with investigating the massive cyberattack that compromised millions of electoral records last month, has now announced the arrest of a man in his early twenties in relation to the hack

Philippine voter data hacked but polls to go ahead (AP via News & Observer) The hacking of a Philippine election database may have exposed the personal information of all 55 million registered voters, but will not undermine May 9 national elections, officials said Friday, in the latest hacking scandal to hit the Southeast Asian nation

FBI paid at least $1.3M for zero-day to get into San Bernardino iPhone (Ars Technica) FBI Director James Comey: "But it was, in my view, worth it"

The Cell Phone-Monitoring Agency You've Never Heard Of (Nextgov) A federal agency dedicated to monitoring cellular network traffic was watching last December as calls flooded San Bernardino 911 dispatchers. Nope, not the National Security Agency or the Federal Communications Commission. It was the National Coordinating Center for Communications, an obscure part of the Homeland Security Department

National Security Letters are now constitutional, judge rules (Ars Technica) The law's change "cures the deficiencies previously identified by this Court"

Judge tosses evidence obtained by FBI malware planted on dark website (Naked Security) A US federal judge has thrown out evidence in a child abuse imagery case obtained by the FBI’s use of a hacking tool

SEC Brings Enforcement Action Against a Broker-Dealer for Weak Cybersecurity Controls (JDSupra) On April 12, 2016, the U.S. Securities and Exchange Commission (“SEC”) continued its enforcement of reasonable cybersecurity controls, announcing cease and desist proceedings against a broker-dealer and two of its principals under Regulation S-P for its “failure to adopt written policies and procedures reasonably designed to ensure the security and confidentiality of customer records and information.” The SEC also found the broker-dealer in violation of Section 17(a) of the Exchange Act and Rule 17a-4 thereunder for failing to “make and keep certain communication relating to its business.” Although there was no allegation that any client suffered financial harm, the broker-dealer settled for $100,000, while the principals settled for $25,000 each

SpyEye Makers Get 24 Years in Prison (KrebsOnSecurity) Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Georgia today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims

Brazen no more, makers of account-draining bank trojan get 24 years (Ars Technica) SpyEye infected more than 50 million PCs and caused almost $1 billion in losses

Hospital will pay $2.2M for letting Dr. Oz show film w/o consent, air death (Ars Technica) Deceased’s family learned of footage by inadvertently watching it on TV

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s...

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Upcoming Events

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees...

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments...

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions...

Staying Ahead of the Curve - Securing a Nation Amid Change (Washington, DC, USA, April 26, 2016) A discussion of the changing cybersecurity landscape, featuring a keynote by General Keith Alexander, former Director, National Security Agency, and a panel discussion of the challenges facing Federal...

Are You Protecting Your Business? Why Cyber Threat is a C-Level Priority (Cerritos, California, USA, April 26, 2016) Whether you’re a company of five or 5000, join us for this educational workshop and learn innovative ways to protect your small business from #cybercrime. FBI Special Agent Joey Abelon will share FBI insights...

Assured Communications 2016 (Crystal City, Virginia, USA, April 27, 2016) A basic tenet of building an expeditionary fighting force that can respond to hot spots around the world is the ability to surge. That applies to satellite bandwidth as much as it does to personnel and...

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Cybersecurity Futures 2020 (Washington, DC, USA, April 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking...

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conference learn how organisations should successfully respond.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda...

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals,...
