Daily briefing.

Chancellor Merkel yesterday replaced Gerhard Schindler as head of Germany’s foreign intelligence service, the Bundesnachrichtendienst (BND). The shift seems prompted by Bundestag inquiries concluding that the BND was too cooperative with allied nations’ surveillance operations.

The Bundeswehr has also announced plans to organize a military cyber capability for Germany.

The US FBI is investigating—and taking seriously—a “hit list” of some 3600 New Yorkers published by the newly announced United Cyber Caliphate (UCC). Observers scorn the UCC’s technical hacking capabilities, but its ability to inspire murder is another matter altogether.

A nuclear plant in the Bavarian town of Gundremmingen has discovered malware in some of its systems. The infections are the venerable and well-known Conficker and W32.Ramnit. Both appear to have been contained without doing damage or compromising safety. (Indeed, they may have been in place for some time.) Infections have also been found on removable storage media at the plant, which suggests a possible infection vector.

BAE Systems warns that malware used in the Bangladesh Bank heist is part of a toolkit with broader uses: we can expect to see it again.

Facebook users are being targeted by a social engineering campaign that draws users to a malicious video file. ESET recommends removing “make a GIF” Chrome extensions.

Microsoft researchers track the Platinum espionage group, which since 2009 has hit targets in Asia using hot patching to avoid detection.

Analysts mull the disappointing SecureWorks IPO and wonder whether security industry consolidation will dry up venture funding for start-ups.


Today's issue includes events affecting Australia, China, Germany, India, Indonesia, Iraq, Japan, Kenya, Democratic People's Republic of Korea, Malaysia, Philippines, Russia, Syria, Taiwan, Thailand, United Kingdom, United States, and Vietnam.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. If you've ever wondered why law firms are such attractive nuisances for hackers (as the plaintiff's attorneys might say), then tune in and wonder no more, as Markus Rauschecker from the University of Maryland's Center for Health and Homeland Security lays it all out for us.

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Thousands of New Yorkers named as apparent Islamic State targets (Christian Science Monitor Passcode) An online group claiming Islamic State ties threatened 3,600 New Yorkers and distributed their personal information last week on a secure messaging app

ISIS hackers respond to US cyberattacks with threat (Vocativ via AOL) A group of pro-ISIS hackers known as the United Cyber Caliphate responded to cyber attacks mounted by the U.S. against the terror group with a threat

Pro-Daesh hackers: More bark than bite, lacking in skills and resources (CSO) Flashpoint report says ISIS hackers are a fragmented bunch, more propaganda than fight

Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled (Dark Reading) Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame

Why the U.S. is bragging about dropping 'cyberbombs' on ISIS (Mashable) The U.S. has started "dropping cyberbombs" on ISIS computer networks, according to a recent New York Times report

German nuclear plant suffers cyber attack designed to give hackers remote access (Telegraph) A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday

IoT attacks threaten national security, say cyber experts (Army News Service via DVIDS) Dams, the power grid and other such infrastructure were once closed network systems. Then they were added to the Internet

Anonymous Leaks 1TB of Data from Kenya’s Ministry of Foreign Affairs (Hack Read) The online hacktivist Anonymous has conducted a sophisticated cyber attack on the government of Kenya by breaching its Foreign ministry server, stealing a trove of data and ending up leaking some of it on the Dark Web. The cyber attack was conducted under the banner of operation OpAfrica which was launched last year against child abuse, child labour and corruption in the African countries

Malware ‘used as part of a wider toolkit’ in Bangladesh Bank attack (We Live Security) Malware used by cybercriminals to carry out one of the biggest cyberheists in history is thought to have been “part of a wider attack toolkit”, according to a BAE Systems’ security researcher

New malware targets Facebook users (Manila Bulletin) IT security company ESET warned Facebook users on Wednesday (April 27, 2016) of another malware-spreading scam

New Attack Technique Hides Spread of RATs in Asia (TechNewsWorld) SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans that ensures that the payload remains in memory throughout its execution and doesn't touch the victim's computer disk in an unencrypted state

Platinum APT Group Abuses Windows Hotpatching (Threatpost) An obscure Windows feature known as hotpatching, missing in the OS since the introduction of Windows 8, is a preferred tool used by a resourced attack group called Platinum that was uncovered by Microsoft

Cyberespionage group abuses Windows hotpatching mechanism for malware stealth (IDG via CSO) The group has targeted Asian government organizations since 2009

Qatar National Bank Suffers Massive Breach (InfoRisk Today) Customer details, card data apparently leaked online

Examining the leaked passwords and PINs from Qatar National Bank (CSO) Those accused of being spies make common, careless password mistakes

Verizon: Sabotage incidents soar as workers strike (CNN Money) Cord-cutting has been taken to a new extreme at Verizon -- and the company is suggesting striking workers are to blame

7 million users affected by Minecraft community Lifeboat data breach (Help Net Security) Minecraft community fansite “Lifeboat” has admitted that it suffered a data breach in January, after security researcher Troy Hunt added some of the stolen data to his “Have I Been Pwned?” website

Hillary supporters accused of taking down Bernie FB pages in porn attack (The Hill) Multiple Facebook pages supporting Democratic presidential candidate Bernie Sanders were abruptly removed from the social media network late last night following a cyberattack

Security Patches, Mitigations, and Software Updates

Users are patching Windows, but QuickTime and Java vulnerabilities remain, says Secunia (ZDNet) Secunia's latest reports of software vulnerabilities on PCs running Microsoft Windows should prompt users to patch all their software, and uninstall both Apple QuickTime and Oracle Java

Cyber Trends

AppRiver Reports Q1 2016 Spam, Malware Traffic Eclipses 2015 Highs (Investing News) AppRiver, LLC, a leading provider of email messaging and Web security solutions, today confirmed that the levels of spam and malware email traffic it recorded during Q1 has already surpassed total levels documented during the whole of 2015, totaling at 2.3 billion malicious email messages, with 1.7 billion occurring in March alone

Whistleblower Snowden Gets Big Screen Treatment (Eyewitness News) The trailer for Oliver Stone’s ‘Snowden’ was released on Wednesday


'Made in India' Cybersecurity: Why Not? (InfoRisk Today) Here's how the nation can become a global information security powerhouse

Nasdaq CEO: Could've done better on SecureWorks, but at least IPOs are pricing (CNBC) Nasdaq CEO Bob Greifeld acknowledged on Wednesday that the initial public offering for information security firm SecureWorks could have gone better, but he pointed to a silver lining: at least IPOs are finally pricing

Has market consolidation killed VC investment in cyber security startups? (Computer Business Review) Industry experts weigh in on where the smart money is going in cyber security

BugCrowd's $15m fund win shows Oz infosec can score Series B: CEO (Register) Don't sit on your ideas, bug chief urges hackers

Startup SparkCognition raises $6M for predictive maintenance (ObjetConnecte) SparkCognition, a startup specializing in artificial intelligence and cybersecurity, has closed a $6 million Series B funding round with investors such as Verizon Ventures and CME Ventures

2 Cybersecurity Buyouts to Watch for (Motley Fool) Will FireEye and CyberArk get bought out in a market-wide consolidation?

Is FireEye the Best Stock in Cyber Security Market? (GuruFocus) FireEye has risen at a rapid rate over the last few weeks

Makes Perfect Disruptive Stock Pair - Akamai Technologies (NASDAQ:AKAM), NIKE (NYSE:NKE), Sempra Energy (NYSE:SRE) (Seneca Globe) Akamai Technologies, Inc. (NASDAQ:AKAM) kept in active run as it closed at $52.66, showing upbeat performance, moving up 3.07% with session volume recorded at 3.72 million. Akamai Technologies Inc. reported a better-than-anticipated 7.8% rise in quarterly income, helped by higher demand for its cloud security services. Income from Akamai’s cloud security business, which protects websites and data centers from cyber attacks, surged 46 percent to $80.7 million for the first quarter

Lockheed Martin announces layoffs (WBNG) Military contractor Lockheed Martin is making cuts to its workforce

Hewlett Packard Enterprise: Wanna walk the plank voluntarily? You got it (Register) Either way, biz wants to cut 1,092 UK staffers from the wage bill

RiskIQ Selected as One of JMP Securities Fast 50 Hottest Privately Held Security Companies (Realwire) Builds on strong 2015 and consolidates leadership position as the external threat management platform of choice

Government and Industry Need to Clean Up Their Procurement Act (SIGNAL Magazine) Neither side is happy, but both agree current acquisition policies and cultures must change

Intelligence community launches classified marketplace for cloud technology (Federal News Radio) The U.S. intelligence community has just opened a new marketplace for cloud applications, the idea being to let analysts and developers test-drive thousands of commercial data analytic tools for a pittance and without waiting for their agencies to make large commitments of time and money via usual government procurement channels

Forcepoint Names Matthew P. Moynahan as CEO (PRNewswire) Industry leader tapped to drive security company forward

FireMon Delivers Record 2015 Revenue; Adds Security Industry Veteran as CMO in Q1 2016 (MarketWired) Former Juniper Networks and McAfee marketing executive Michael Callahan joins FireMon as the security management company builds on record revenue, bookings and customer growth

Do you have what it takes to be an independent security consultant? (Help Net Security) It doesn’t matter if you’re part of a big enterprise or a small company, you’ve probably wondered at least once what it would be like to work for yourself

Products, Services, and Solutions

C3 Alliance is a Justice League for Privileged Account Protection (Infosecurity Magazine) CyberArk has launched the equivalent of a cyber Justice League: The C3 Alliance brings together a super-group of companies for the purpose of boosting privileged account security best practices

California Department of Water Resources Delivers Secure IT Services Using Arkin (BusinessWire) Enables fully operational cloud 3.0; next-gen, software-defined data center to improve multi-tenancy and security

Allot Enables Mobile Service Providers to Extend Security Beyond Network Boundaries with Secure Dome (Consumer Electronics) Extending its SECaaS platform capabilities, Allot WebSafe Personal and WebSafe Business now protect broadband users from malware, ransomware and other online security threats anywhere, anytime

IT Weapons Partners with Thycotic to Reduce Cyber Risk for Global Client Base (PRNewswire) Partnership shatters security risks by arming global consultants with enterprise privileged account management

Death of the enterprise VPN - if remote access is not secure what comes next? (ComputerWorld) Enterprise VPNs are an idea out of time. Zscaler's Private Access wants to be what's next

Samsung moves Knox beyond security with business services push (Android Central) Samsung is expanding its Knox security platform with a new group of business-focused tools. The new Knox will move beyond not just mobile, but security as well, transforming into the platform on which Samsung's enterprise services are built

SentinelOne Certified for HIPAA and PCI DSS Compliance (BusinessWire) Security assessor report validates next-generation endpoint protection platform exceeds compliance requirements for replacing antivirus

DarkMatter and Symantec to Provide Next-generation Cyber Security Solutions and Services (PRNewswire) DarkMatter, an international cyber security firm headquartered in the United Arab Emirates (UAE), today announced it is entering a partnership arrangement with Symantec Corporation, (NASDAQ: SYMC), a global leader in information protection and security software, to provide security solutions and services to help customers navigate the complex world of threats and cyber-crime

High-Tech Bridge Launches Malicious Domain Discovery Service (Newswire Today) Following a very successful launch of SSL/TLS security and web server security testing services (over 500’000 servers tested in 6 months), High-Tech Bridge completes its portfolio of free web security services with domain security radar. The new service reveals various unethical, malicious or illegal activities with domain names, such as identity theft, brand and trade mark forgery, domain squatting, typosquatting and phishing

Arxan Honored for Mobile and Internet of Things Application Security (Mobile Marketing Watch) Arxan Technologies, a provider of application protection solutions, announced Tuesday that it has been named as Cybersecurity Product winner of the 2016 Cybersecurity Excellence Award in the Internet of things

Technologies, Techniques, and Standards

PCI DSS 3.2: 3 Things You Need to Know (Dark Reading) The latest round of upgrades are incremental yet necessary

Kaspersky Labs launches lifeline for CryptXXX ransomware victims (ZDNet) This ransomware is particularly nasty as it does not just lock your files, but also steals your data and any Bitcoin you have stored on your PC

Encryption Curveballs: Top 10 Things to Know Before Enabling ECC Ciphers (Information Security Buzz) Over the past two years, everyone has become much more acutely aware of not only encrypting all HTTP traffic, but also how that traffic is encrypted

4 Tips For Planning An Effective Security Budget (Dark Reading) Security budgets start with managers assessing all of their resources and measuring the effectiveness of their security programs for strengths and weaknesses

8 Signs Your Security Culture Lacks Consistency (Dark Reading) Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters

Design and Innovation

An Approach to James Comey's Technical Challenge (Lawfare) In 2014, at the very beginning of the “Going Dark debate,” FBI Director James Comey gave a challenge to the technical community. Is it possible to create a “front-door” that law enforcement can use to access encrypted devices that doesn’t put other users at risk?

The inherent problems of the detection paradigm (Help Net Security) An ongoing debate in the modern cybersecurity world is whether to detect or prevent cyberattacks. Although detection technologies are undoubtedly important tools in the defender arsenal, recent years show they have only limited effects when encountering certain types of cyberattacks

Legislation, Policy, and Regulation

Angela Merkel Abruptly Fires Germany’s Spy Chief (New York Times) Chancellor Angela Merkel on Wednesday replaced the chief of Germany’s foreign intelligence service. The move caught many by surprise as Europe faces growing pressure from Islamist terrorism and as the chancellor looks ahead to a general election next year

Germany Creates Cyber, IT Defense Branch (Defense News) German Defence Minister Ursula von der Leyen has unveiled plans to establish a new cyber force to enhance the defense effectiveness of the country's armed force

Japan's Achilles Heel: Cybersecurity (Diplomat) Japan is uniquely underprepared for the cyber challenges of the 21st century

New focus on air superiority must include ground, cyber and space assets, official warns (Air Force Times) If the Air Force wants to maintain air superiority in the future, it’s going to have to focus its attention on the ground, a British military officer said Tuesday

More money doesn’t guarantee success in cyber security race (The Conversation) Over the next four years, Australia’s federal government will invest more than A$230 million on cyber security. Put another way, A$57.5 million per annum will be taken from one part of the federal budget and spent instead on cyber security

In rare unanimous move, House passes bill to protect email and cloud privacy (CSO) The Email Privacy Act would require police to get warrants to search data stored in the cloud

Protecting physical infrastructure with cyber (FCW) The National Protections and Program Directorate's reorganization is still awaiting congressional approval, but the under secretary for the Department of Homeland Security's cyber division has a clear sense of mission, and a clear message to agencies and companies preparing for cyber threats: the way to minimize physical consequences to critical infrastructure is by prioritizing a "holistic" view of cybersecurity

David Johnson Named Associate Executive Assistant Director for the Criminal, Cyber, Response, and Services Branch (Federal Bureau of Investigation) FBI Director James B. Comey has named David Johnson as the associate executive assistant director of the Criminal, Cyber, Response, and Services Branch

Litigation, Investigation, and Law Enforcement

FBI will not share iPhone vulnerability in San Bernardino case (FCW) The FBI has opted not to submit the method used to unlock the Apple iPhone of one of the San Bernardino, Calif., shooters to an interagency review process for disclosing software vulnerabilities

Epic Systems vs. Tata: Key Security Questions (InfoRisk Today) Protecting trade secrets from unauthorized users

Sailor Accused of Spying for China Could Dodge Trial (Daily Beast) Navy officer Edward Lin is charged with sharing classified information with Taiwan and China—possibly in exchange for sex. But he may never see the inside of a courtroom

Sextortion, Cyber Stalking: U.S. Embassy Official Facing 4 Years in Prison (Hack Read) In 2015, Ford was charged with sextortion and cyber stalking scheme— now, he has been sent to prison for four years and nine months

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

Upcoming Events

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Cybersecurity Futures 2020 (Washington, DC, USA, April 28, 2016) On April 28, some of the country's leading policymakers, hackers, and creative thinkers will join Passcode and UC Berkeley to discuss the Internet's alternate futures – and explore how unconventional thinking...

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conference learn how organisations should successfully respond.

CISO United States (Chicago, Illinois, USA, May 1 - 3, 2016) The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda...

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s...

Cyber Investing Summit 2016 (New York, New York, USA, May 3, 2016) The Cyber Investing Summit is an all-day conference focusing on the investment opportunities, trends and strategies available in the $100+ billion cyber security sector. Network with investment professionals,...

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce...

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May...

Cyber Security Summit 2016 (Auckland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...
