Daily briefing.

Palo Alto Networks updates us on Operation Lotus Blossom and its Emissary Trojan. Mostly used in espionage directed against targets in Taiwan and Hong Kong, Emissary is morphing at a faster clip these days, which suggests its controllers are working to stay ahead of tracking by threat intelligence services.

Sucuri detects an uptick in Nuclear infections among WordPress sites. The attack code redirects traffic to domains that seem to host ads, then, after this misdirection, to the Nuclear kit itself.

Comodo is working on a fix for problems in its Chromodo browser, with an update expected next week.

Skybox Security and eSentire both raise significant amounts of new funding. Cisco is buying IoT shop Jasper Technologies for a reported $1.4 billion. Apple hires LegbaCore researchers who found the OS X Thunderstrike vulnerability last year. Recently departed Norse CEO Sam Glines writes to CSO's Salted Hash blog, defending Norse's integrity and disputing recent implications of misconduct.

Crowdstrike's Global Threat Report is out. It sees an increase in nation-state cyber conflict, more criminal resort to extortion in its various forms, and an increase in hacktivism matched by greater censorship.

Russia intends to increase spending on cyber offensive capabilities (and boasts that it's got the best hackers).

Analysts think Chinese cyber espionage will soon turn to agriculture and alternative energy.

Google considers displaying anti-radicalization and counter-terrorism messages beside search results whose terms suggest sympathy for ISIS.

The EU says businesses should realize that full details of Privacy Shield won't be final until April.


Today's issue includes events affecting Algeria, Benin, Cameroon, Chad, China, Germany, Israel, Niger, Nigeria, Saudi Arabia, Taiwan, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Nuclear EK Leveraged In Large WordPress Compromise Campaign (Malwarebytes Unpacked) Security company Sucuri recently noted a spike in WordPress infections, with a large number of sites getting injected with the same malicious scripts

Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? (Palo Alto Networks) In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary

Websites running WordPress hacked to display money-making ads for hackers (Heat Software) Are you one of the millions of companies around the world running a WordPress-driven website?

Safeway Self-Checkout Skimmer Close Up (KrebsOnSecurity) In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn't disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offer a closer look at one such device

Understanding Fileless Malware Infections — The Full Guide (Heimdal Security) Every once in a while, you may find yourself thinking back to simpler times

Study of another IP camera reveals serious problems (IDG via CSO) Patches have been released now

Socat vulnerability shows that crypto backdoors can be hard to spot (IDG via CSO) For a year, a non-prime number was used in the tool's cryptographic key exchange implementation, making it vulnerable

Did one faulty router bring down BT's network? That's not good (Graham Cluley) As has been widely reported in the UK press, "several hundred thousand" UK broadband users found themselves unable to connect to the net yesterday

'How Dashlane compromised my privacy on Twitter' (Graham Cluley) Dashlane's support center recently compromised my privacy on Twitter, an incident which I hope will serve as a cautionary tale for customer support representatives everywhere

Hackers Steal Account Details of 20.6 Mln Taobao Users (Marbridge Consulting) Police in Zhejiang province recently convened a press conference to announce that a group of hackers obtained information pertaining to approximately 99 mln accounts on Alibaba Group's (NYSE: BABA) C2C e-commerce site Taobao

No, you haven't hired a toilet. You've been sent malware (Graham Cluley) I work from home. My home has a loo

Most Likely, Most Destructive: Gen. Michael Hayden on the Biggest Cyberthreats (Wall Street Journal) What cybersecurity threats keep intelligence experts up at night?

Lights Out: Not So Fast (Dark Reading) Author and famed broadcast journalist Ted Koppel's new bestseller warns of a 'likely' nationwide and devastating blackout of the US grid at the hands of hackers, but some government and utility industry officials disagree

Agriculture, Alternative Energy Could Be Chinese Hackers' Next Targets (Dark Reading) Perhaps Anthem and Premera breaches were not just about stealing PII, but about researching the ins and outs of Western healthcare systems, CrowdStrike's annual global threat report says

Security Patches, Mitigations, and Software Updates

Comodo to fix major flaw in knock-off Chrome browser (IDG via CSO) An updated version of Chromodo should be released Wednesday

Google Safe Browsing Extends to Deceptive Embedded Content (Threatpost) Google's Safe Browsing API is almost a living organism, constantly evolving and adapting to online threats

eBay Fixes 'Severe' Vulnerability But Is Playing Whack-a-Mole With Security (Forbes) eBay is an odd beast when it comes to security. Though it's said before that malicious content on the marketplace is uncommon, it takes risks in providing certain functionality

Revelation of security bugs jumpstarts launch of Malwarebytes' bug bounty program (Help Net Security) Malwarebytes CEO Marcin Kleczynski has announced that the company has launched a bug bounty program in an effort to make its software more secure

Cyber Trends

CrowdStrike Global Threat Report Analyzes the Biggest Cyber Crime and Targeted Intrusion Trends (Crowdstrike) Report indicates geopolitical developments are now the most important drivers for the cyber attacks, intrusion trends, and adversaries shaping the global threat landscape

Survey of Cyber Experts Sheds Light on Attackers Habits, Best Prevention Strategies (Legaltech News) Cyber attacks aren't as lucrative and determined as once thought, but without a preemptive strategy, a company's data may be at risk

Is Your Smart Office Creating Backdoors for Cybercriminals? (IBM Security Intelligence Blog) More and more devices are connecting to the Internet; the ones that control your building's heating, lighting and air conditioning are no exception

Internet of Things Will Never Be Safe Enough (Sputnik) The Internet of Things — a geek's paradise where interconnected devices such as your speakers, doorbell, car, iWatch, house lights and even your fridge exist for the sole purpose of making your life all that more simple… Unless they get hacked


U.S. businesses on their own when facing foreign cyber attacks (Business Insurance) Cyber attacks by nation states are a serious threat to U.S. business, and companies should not rely on the government to protect them from the attacks, said Mike Rogers, a former chairman of the House Intelligence Committee

Cisco to pay $1.4 billion for Internet of Things firm Jasper (Reuters) Cisco Systems Inc said on Wednesday it was buying Jasper Technologies Inc, a startup that connects devices like cars and medical devices to the Internet, for $1.4 billion in cash and equity awards, its largest acquisition since 2013

PSG invests $96m in Israeli cyber co Skybox Security (Globes) Some of the company's shareholders have sold the controlling stake in Skybox to PSG

Canadian Cybersecurity Company eSentire Raises $19.5M in New Funding (Legaltech News) The company plans to improve its presence in key markets, launch security operations in new regions and verticals

Apple Beefs Up Its Security Team By Hiring Zero-Day Exploit Team (TechCrunch) Remember Thunderstrike 2? Last summer, Xeno Kovah and Trammell Hudson unveiled a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status. And it looks like Apple didn't just fix the vulnerability — it has also hired the team behind this exploit to work on security

Norse Corp disappears shortly after CEO is asked to step down (CSO) On Thursday, February 4, Sam Glines, co-founder of Norse Corp, sent Salted Hash the following statement. It is reproduced below for the record, with no additional editing or comment

Products, Services, and Solutions

Ntrepid Offers Secure Web Browser to Victims of OPM Breach (Ntrepid) Passages provides complete protection from Web-based attacks, isolating all browsing activity from the user's computer

Flash is dead. Long live Flash. (SC Magazine) Like a character in a zombie flick, Adobe Flash (formerly called Macromedia Flash and Shockwave Flash) is a software platform used for creating graphics, animation and rich internet applications that refuses to die. Despite a plethora of well-publicized security issues, it's simply too useful and too much a part of current tech culture to go away

Technologies, Techniques, and Standards

Threat Intelligence: Putting the Horse Before the Cart (SecurityWeek) Threat intelligence has received a lot of attention from the industry, ranging from vendors expanding their product portfolios and venture capitalists funding new start-ups to end user organizations looking for insights into advanced cyber-attacks that aren't available from traditional perimeter defense tools

CTO Perspectives: Why Do Security Professionals Need Threat Intelligence? (Cyveillance Blog) Do you want to be more proactive in managing risk in security operations?

How to improve bank fraud detection with data analytics (IBM Big Data Hub) Financial institutions need comprehensive analytics to build a strong bank fraud detection strategy. Advanced analytics software provides the tools necessary for banks to recognize and act on suspicious patterns, quickly notify customers of fraud incidents and position themselves for faster settlements

NSA Chief Hacker Reveals How He Can Be Kept Away — Part 1 (LIFARS) The National Security Agency's hacking chief reveals insights and tips to block the world's best hackers

NSA Chief Hacker Reveals How He Can Be Kept Away — Part 2 (LIFARS) This is the second entry in a two-part series covering the NSA's chief hacker's recent talk at a security conference

What I have learned as CISO for a Smart City (LinkedIn) In 2013 I left working for the Department of Defense to accept a position with the City of San Diego, CA

What Are Your Container Security Options? (eSecurity Planet) As with any nascent technology, container security is a concern. Three initiatives can help organizations boost container security

You've been hacked: How to recover from the nightmare (Health Data Management) As a healthcare CIO, you've been putting out various fires today and trying to make progress on several initiatives. That all changed a minute ago; now, you're in free fall

An Introduction to Cyber Hunting: 10 Immediate Actions for a Post-Breach Reality (Cybereason) Accept that a breach is inevitable

4 things you should be doing right now so you won't get hacked (Tech Insider) Cybercrime is a multibillion-dollar racket that affects corporations and individuals alike, but there are a few simple steps everyone can implement to protect against it

How to Build a Remote Security Team (Tripwire: the State of Security) This will not come as a surprise to many of you, but there's a current shortage of cyber security experts out in the field, which is causing job vacancies all over the country

Better Health Starts With Better Habits: Improving Your Security Diets (SecurityWeek) Success comes from changing your habits to make the commitment to secure software a lifestyle

Don't Be Hacker Bait: Do This One-Hour Security Drill (Wall Street Journal) 5 Steps to make your digital self less attractive to hackers, phishers and overly aggressive marketers

Leverage White-Box Cryptography and Tamper Resistance to Advance API Protection (IBM Security Intelligence) A server API, or application programming interface, is a set of instructions that applications running on desktops, websites, mobile devices or connected devices use to interact with server-side applications in the Internet of Things (IoT)

10 Things We Can Learn About Application Security From Football (Cigital) You may not often look for application security lessons from the game of football, but their fundamentals aren't so different

Design and Innovation

DISA test-driving smartphone encryption (Federal Times) Top leaders at the Defense Information Systems Agency know they're chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today

A Design Space for Effective Privacy Notices (Usenix) Notifying users about a system's data practices is supposed to enable users to make informed privacy decisions

Research and Development

NSA Says it "Must Act Now" Against the Quantum Computing Threat (Technology Review) The National Security Agency did a surprising thing last August — it suddenly declared that the algorithms it had spent a decade telling the world were the best way to lock up secret data weren't safe anymore. The reason? The danger of quantum computers


Air Force Academy's Innovation Center has big cyber plans (Colorado Springs Gazette) A small center growing at the Air Force Academy's Fairchild Hall will play a big part in the study of the military's role in cyberspace

3 Fundamental Traits of an Infosec Aficionado (Tripwire: the State of Security) I've had a lot of conversations with high school students and students in their initial years of university who don't particularly know what they want to be when they grow up. Heck, I'm still trying to figure that out!

Legislation, Policy, and Regulation

Wait until April before relying on Privacy Shield, EU privacy watchdogs warn (IDG via CSO) Binding corporate rules and model contract clauses are OK for now, but may not be later

Can EU-US data pact survive without surveillance reform? (Christian Science Monitor Passcode) While American and European negotiators reached a deal to replace the invalidated Safe Harbor data transfer agreement, the agreement may not be strong enough to satisfy European privacy advocates' concerns about US spy agency snooping

Opinion: Why Privacy Shield isn't impenetrable (Christian Science Monitor Passcode) The new arrangement between European and US negotiators to replace Safe Harbor and ensure that data continues flowing across the Atlantic may not be strong enough to withstand likely legal challenges from privacy watchdogs

Saudi: Body to track accounts inciting terrorism, sectarianism (Al Arabiya) Major General Mansour Turki, the spokesman for the Interior Ministry, said that a committee composed of three government bodies represented by the Interior Ministry, the Bureau of Investigation and Public Prosecution and the Communications and Information Technology Commission work on monitoring the accounts that incite terrorism and combating cybercrimes, which also include the accounts that call for sowing sedition and sectarianism

The reality of Boko Haram and the limits of counter-terrorism (Hurriyet Daily News) The rise of non-state actors, mainly terrorist organizations, in recent years has dramatically increased the volume of violence and number of casualties around the world

Here's How Google Is Trying To Combat Online Terror Recruitment (Fortune) It involves search ads

John Kerry keeps calling the Islamic State 'apostates.' Maybe he should stop. (Washington Post) There may be no more globally divisive question over the past few years than whether the Islamic State is representative of the world's global Muslim population or not

ISIS Was Born In An American Detention Facility (And It Wasn't Gitmo) (Lawfare) The US seems to have a knack for creating, incubating, and training its future enemies

Top Israeli General Calls IS 'Our Enemy' (ABC News) A top Israeli general said Wednesday that the Islamic State group is "our enemy" and that Israel is sharing intelligence with allies battling the extremists despite remaining on the sidelines of Syria's civil war

Netanyahu: "I want Israel to become a cyber power" (Network World) Speaking at CyberTech 2016, Israeli prime minister calls for cross-country sharing of cyber threat info

Russia to spend $250m strengthening cyber-offensive capabilities (SC Magazine) Russia fires a warning shot across the US bows in response to the 'US offensive cyber-threat,' saying that it does not lag behind the US when it comes to cyber-technology, noting that its hackers are among the best

Regulation Won't Save You: Six Steps to Keep America Safe in Cyberspace (War on the Rocks) Cybersecurity threats are growing fast — and in ways that are hard to understand. Reactions range from denial ("It's all hype") to panicked cries that the digital sky is falling. As usual, the truth lies between these extremes

Former CIA director endorses unbreakable encryption (The Hill) The former director of the Central Intelligence Agency and the National Security Agency said this week that the government should not have a backdoor into encrypted communications

Ron Wyden: The "Going Dark" Debate Is "New Dog Whistle Of National Security Politics" (Buzzfeed) In an interview with BuzzFeed News, the Democratic senator touted a new Harvard study contradicting Obama administration claims that encryption technology has hamstrung law enforcement investigations

They are deadly serious about crypto backdoors (Errata Security) Julian Sanchez (@normative) has an article questioning whether the FBI is serious about pushing crypto backdoors, or whether this is all a ploy pressuring companies like Apple to give them access. I think they are serious — deadly serious

Spy on Me All You Like, More Americans Say (Defense One) A new poll shows more people are fine with increased national-security surveillance

Clinton Calls Cybersecurity 'One of the Most Important Challenges' for the Next President (Washington Free Beacon) At the end of a get out the vote campaign event in New Hampshire on Wednesday, Hillary Clinton was asked about her plans for protecting cyber security

Litigation, Investigation, and Law Enforcement

Security negligence goes to court (CSO) The number of people whose data was breached in 2015 exceeded that of the previous year. How do we plan to regulate these cases?

5 Ways a Firm Can Stop a Data Breach Lawsuit (Fortune) It's bad enough to get hit by a cyber-attack. Don't let a lawsuit hit you too

SpyHunter anti-malware maker files lawsuit over bad review (CSO) Instead of changing their ways, or fixing their product, Enigma Software turned to their lawyers

Chinese National Pleads Guilty to Conspiring to Steal Trade Secrets (US Department of Justice) Mo Hailong, aka Robert Mo, 46, pleaded guilty today to conspiracy to steal trade secrets before U.S. District Judge Stephanie M. Rose of the Southern District of Iowa, announced Assistant Attorney General for National Security John P. Carlin and Acting U.S. Attorney Kevin E. VanderSchel of the Southern District of Iowa

Germany Conducts Raids Over Suspected Attack Plans (ABC News) German police conducted raids and arrested two suspects on Thursday in an investigation of four Algerian men who are suspected of planning attacks in Germany and having ties to the Islamic State group

Kansas man pledged allegiance to ISIS, planned to detonate car bomb at Army base (Washington Post) A 21-year-old Kansas man pleaded guilty on Wednesday to attempting to detonate what he thought was a 1,000 pound ammonium nitrate bomb on the Fort Riley Army base in Manhattan, Kansas

Police officer indicted for leaking personal information to Lehava (Ynet) A Border Police officer is indicted after allegedly transferring personal details of a Jewish woman he found traveling in a car with two Arabs and another friend to Lehava head Benzi Gopstein and former MK Michael Ben Ari

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
