Daily briefing.

Release of alleged information on US FBI and Department of Homeland Security personnel continues. The pro-Palestinian hacktivist-who-prefers-to-remain-anonymous still remains anonymous for now, but a screen name worthy of Carlos Danger augurs his eventual betrayal by a libido ostentandi.

SecureList has an account of AdWind, a complex, cross-platform backdoor currently afflicting banks in Singapore and elsewhere. Also known as "AlienSpy," it's being sold openly as a subscription service in Internet black markets.

The "Poseidon Group," Brazilian in origin and speaking both Portuguese and English, presents what observers see as a novel twist on extortion. Operating as an APT group, they prospect vulnerable enterprises for sensitive data, approach their victim ("in well-dressed suits," notes Dark Reading, emphasizing Poseidon's white-collar self-presentation), point out their security issues, and urge the victim to hire them for security services. Victims who balk find (1) that their data move over to Poseidon's "market forecasting" business, which sells sensitive information, and (2) that Poseidon, having established persistence in the network, is in no hurry to leave.

In patch news, Avast fixes issues Google discovered with Avast's SafeZone browser security tool. Oracle closes some Java vulnerabilities to DLL hijacking, and Apple updates iOS 9.

A depressed equities market drags down share prices, and cyber stocks suffer along with the rest. Digital Shadows attracts $14M in Series B funding. Infoblox buys IID (for talent and data) and Kingston acquires encrypted flash-drive shop IronKey.

In the US, Wassenaar renegotiation gains Congressional support. NSA's reorganization continues apace. Congress deliberates encryption (deliberately).

Notes.

Today's issue includes events affecting Belgium, Brazil, China, European Union, France, India, Iran, Iraq, Netherlands, Pakistan, Russia, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Isis makes far-right National Front demos its 'prime target' (The Local (France)) Isis took to the pages of its francophone propaganda magazine Dar al Islam to declare that demos by the National Front were now "the prime target"

Hack Brief: FBI and DHS are Targets in Employee Info Hack (Wired) Last year, a hack of the U.S. Office of Personnel Management exposed the personal information of millions of government employees. Now, Motherboard reports, a hacker has threatened another federal employee dump of a much smaller scale but potentially more sensitive target: the names, titles, and contact information of nearly 30,000 FBI and Department of Homeland Security workers

Hacker Publishes Personal Info of 20,000 FBI Agents (Motherboard) While America was getting ready to watch the Super Bowl on Sunday, a hacker promised he would dump online a list of more than 20,000 agents of the Federal Bureau of Investigation and 9,000 Department of Homeland Security officers

Suspected Pakistan-based hackers behind the Indian government's IRS cyber attack (DNA India) Indian Revenue Service (IRS) has been hacked on Saturday by a group that claims they are Pakistanis

Adwind: FAQ (SecureList) We have become aware of unusual malware that was found in some banks in Singapore. This malware has many names — it is known as Adwind RAT (Remote Access Tool), AlienSpy, Frutas, Unrecom, Sockrat, JSocket, and jRat. It is a backdoor available for purchase, and is written entirely in Java which makes it cross-platform

Java "RAT–as–a–Service" backdoor openly sold through website to scammers (Ars Technica) The malware once known as AlienSpy is back in action after original domains shut down

'AlienSpy' Family Openly Sold As Subscription Service (Dark Reading) Adwind — a relative of the infamous AlienSpy spyware — offered as malware-as-a-service to all types of attackers

Remtasu is disguising itself as a tool to appropriate Facebook accounts (We Live Security) Almost a year ago we warned about the spreading of Remtasu, and far from lessening, we have been able to identify numerous instances of this threat being propagated further

Brazilian Cyberspies In Suits Shake Down Victims With Stolen Company Secrets (Dark Reading) 'Poseidon Group' puts a new spin on cyber-extortion, and operates across land and sea

Poseidon APT Group Identified As First Portuguese-Speaking Campaign (Threatpost) For more than 10 years, attackers have carried out a series of covert attacks on firms worldwide and capitalized on that connection by coercing the companies into a phony business relationship where they can further steal data

Beware, Latest WhatsApp Scam Drops Malware on Your Device (Hack Read) Watch out for latest WhatsApp scam tricking users into opening malware link sent by "friends"

Power Grid Honeypot Puts Face on Attacks (Threatpost) The rhetoric around hacking the power grid would have you believe it's a relatively mundane practice. Policymakers, intelligence agencies and vendors, for example, spread the word gleefully, leaning on scenarios such as state-sponsored hackers shutting off the lights in the dead of winter as a scare tactic to glean budget and influence

IoT Reality: Smart Devices, Dumb Defaults (KrebsOnSecurity) Before purchasing an "Internet of things" (IoT) device — a thermostat, camera or appliance made to be remotely accessed and/or controlled over the Internet — consider whether you can realistically care for and feed the security needs of yet another IoT thing

Trane thermostat turns home networks into a hot spot for viruses (Register) When is the IoT industry going to get smart on security?

Internet of hackable things? Why IoT devices need better security (Enterprise Project) The Internet of Things is amazingly powerful and useful — but not always safe to use, and most organizations with IoT implementations need to do a better job of keeping them secure

Current p2p trends threatening enterprise security (ITWorld) File sharing has become more commonplace, which means there are common threats that lurk in p2p traffic

Homegrown Extremists Top Terrorist Threat List, Clapper Says (BloombergBusiness) Homegrown extremists probably will "continue to pose the most significant Sunni terrorist threat to the U.S. homeland in 2016," Director of National Intelligence James Clapper said in a summary for Congress of the perils facing the nation globally

Security Patches, Mitigations, and Software Updates

Avast Patches Critical SafeZone Flaw (Infosecurity Magazine) Security vendor Avast has patched a dangerous vulnerability in its SafeZone protected browsing tool which researchers claimed could allow attackers to compromise secure sessions like online banking

Oracle Security Alert for CVE-2016-0603 (Oracle) This Security Alert addresses CVE-2016-0603 which can be exploited when installing Java SE 6, 7 or 8 on the Windows platform. This vulnerability has received a CVSS Base Score of 7.6

DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice (Softpedia) Oracle has released new Java installers to fix a well-known security issue (CVE-2016-0603) that also affects a plethora of other applications, from Web browsers to antivirus products, and from file compressors to home cinema software

Apple plugs more than 100 flaws in its latest iOS security update (FierceMobileIT) Apple has issued a security update for iOS 9 that plugs more than a hundred security flaws in the mobile operating system

Cyber Trends

CSA survey finds trust in the cloud increasing (Business Cloud News) Suspicion of the cloud has lifted so much that trust in cloud services is on par with on-premises applications, according to a survey by the Cloud Security Alliance

IT Security Mimics Intelligence Services More than You Realize (Threatpost) Intelligence services may be the security industry's boogeyman right now, but for a long time, IT security has done a good job of following the government's lead when it comes to developing new approaches and strategies

It's Been 20 Years Since This Man Declared Cyberspace Independence (Wired) When digital dystopians and critics of Internet libertarians need a rhetorical dart board, they often pull out a document written by John Perry Barlow, co-founder of the nonprofit Electronic Frontier Foundation, a former cattle rancher and Grateful Dead lyricist

Why Larry Ponemon Dedicated His Career to Privacy (CIO Insight) Larry Ponemon is optimistic about the state of cyber-security — but he knows there's a long road ahead in protecting the privacy and security of users

Marketplace

Big data's very bad day in the stock market (FierceBigData) Investor trends are not the same as predictive analytics because far too much stock market movement is merely knee-jerk reactions with precious little data to aim the kick

QuickHeal IPO: Not for listing gain, but offers solid long-term prospects (Economic Times) QuickHeal Technologies is set to hit the primary market on February 8, aiming to raise Rs 250 crore. The IPO price band has been fixed at Rs 311-321 with a face value of Rs 10 per share

Digital Shadows Gets $14M To Keep Growing Its Digital Risk Scanning Service (TechCrunch) UK cyber security startup Digital Shadows, which sells a SaaS service to businesses wanting to monitor and manage potential risks by keeping tabs on activity related to their digital footprint — has closed a $14 million Series B funding round, led by Trinity Ventures. As part of the investment, Trinity's Fred Wang has joined the Digital Shadows board

Tacoma cyber-security firm acquired by Silicon Valley tech company (News Tribune) Tacoma-based cybersecurity company IID was sold to network services provider Infoblox for $45 million, the companies announced Monday. Santa Clara, California-based Infoblox has more than 8,300 customers and more than 800 employees

Kingston buys encrypted flash drive maker IronKey (ComputerWorld) IronKey's thumb drives meet U.S. government standards for security

88 jobs created in Belfast at cyber security firm Alert Logic (Belfast Telegraph) Cyber security firm Alert Logic has established a Security Research and Technology Development centre in Belfast creating the new posts

Darktrace reports surge in cyber defence demand (Business Weekly) Cambridge UK cyber technology business Darktrace reports a 510 per cent surge in year on year bookings with and revenue growth of 450 per cent. Headcount has grown 231 per cent and now stands at close to 200 employees in 18 locations around the world, with new US headquarters in San Francisco and a new office on the Champs-Élysées in Paris

Rook Security Founder And CEO J.J. Thompson Named To Indianapolis Business Journal’s 2016 Forty Under 40 (BusinessWire) Indiana native acknowledged for his work in cyber defense, entrepreneurship and creating opportunities for local talent in technology

Qualys Appoints Todd Headley, Former CFO of Sourcefire, to Its Board of Directors (CNN Money) Appointment brings a unique combination of financial and security industry experience to Qualys

Protegrity Promotes Clare Cunniffe to Top Global Sales Position (MarketWired) Protegrity, the leading provider of data-centric enterprise data security solutions, announced today that Clare Cunniffe has been promoted to Senior Vice President of Global Sales, reporting to Protegrity CEO Suni Munshani

Products, Services, and Solutions

Keybase Releases Encrypted File-Sharing iPhone App (TechNewsWorld) Keybase last week announced the alpha release of the Keybase app for the iPhone with a cryptographically secure file mount

Police Forces Identifying Potential Corruption with SpectorSoft Solutions (BusinessWire) UK Police use SpectorSoft to monitor Force activities to ensure integrity through early detection and rapid response to leaks that could jeopardize investigations, prosecutions

Technologies, Techniques, and Standards

Sharing is vital to thwart attackers, says Microsoft security exec (ITWorld Canada) It's tough to share threat intelligence with competitors, but in an era where attackers have time, money and resources on their side, going it alone is impossible

5 Best Practices for Reducing Third-Party Security Risks (eSecurity Planet) Vendors and other third-party partners have caused some big data breaches. Here is how to keep it from happening to you

Monday Morning Quarterbacking Super Bowl 50: Infosec Edition (Dark Reading) How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, there's a lot riding on your game, too

Design and Innovation

Military Security in the Age of the Internet of Things (SIGNAL) Despite looming threats, trusted communications offer a glimmer of assurance

Research and Development

Privacy-preserving genomic testing in the clinic: a model using HIV treatment (Genetics in Medicine) The implementation of genomic-based medicine is hindered by unresolved questions regarding data privacy and delivery of interpreted results to health-care practitioners. We used DNA-based prediction of HIV-related outcomes as a model to explore critical issues in clinical genomics

Reverse-engineering the brain to improve machine learning (GCN) Researchers are working to reverse-engineer how the brain's visual system processes information in hopes of advancing machine learning algorithms and computer vision

Academia

Security Scholar Program Debuts at RSA® Conference 2016 (BusinessWire) World's largest information security event aims to connect students with industry experts

Legislation, Policy, and Regulation

(Hardly any) French MPs back emergency powers reform (The Local (France)) The lower house of the French parliament voted on Monday in favour of enshrining in the constitution the process of declaring a state of national emergency, although 411 MPs didn't bother turning up

Months after Paris attack, new surveillance regime emerges in Europe (Christian Science Monitor Passcode) From more closely monitoring Europeans' travel plans to examining Internet traffic, European officials and law enforcement agencies are pushing for more surveillance measures to track potential terrorists

Terror bulletins, alerts or nothing at all: Feds try for happy medium (Federal Times) The Super Bowl came and went without a hitch — or a terror bulletin or alert. But are agencies ready to test the new Homeland Security system when the time comes?

Momentum slows for encryption bill (The Hill) Congress seems unlikely to pass an encryption bill anytime soon despite the burst of momentum that followed the terrorist attacks in Paris and San Bernardino, Calif

McCain calls for encryption standards (Washington Examiner) Sen. John McCain criticized encryption technology, which allows terror suspects to communicate without the government seeing it, in an editorial over the weekend, and renewed a call for legislation to prohibit it

Countering Violent Extremism (Federal Bureau of Investigation) FBI launches new awareness program for teens

EC Announces Privacy Shield Timeframe, Conditions (Forbes) The European Commission announced today via Commissioner Vera Jourová the time frame and remaining conditions for reaching agreement on Privacy Shield, the framework "agreement" to replace the invalid Safe Harbor EU-U.S. data transfers agreement

Anxiety Remains for U.S. Businesses Despite New EU Data Agreement (Legaltech News) The new EU-U.S. data transfer agreement and changing EU data laws do little to alleviate concerns

House Oversight presses Kerry to renegotiate cyber controls (The Hill) The House Oversight Committee is pushing the State Department to renegotiate parts of an international export agreement that governs cyber weapons

Draft bill seeks to improve U.S. military cyber warfare capabilities (SC Magazine) Draft legislation proposed by Sen. Mark Kirk (R-Ill.) seeks to improve the Pentagon's ability to quickly develop and acquire process cyber warfare technologies

Here's Why the National Security Agency Is Overhauling its Spy Operations (Fortune) NSA says a good cyber defense and offense go hand in hand

NSA21: Facing Threats to the Nation and Future Challenges with Innovation, Integration, and a Focus on Talent (NSA) The National Security Agency has launched a comprehensive campaign to ensure NSA maintains its position as the world's preeminent foreign signals intelligence and information assurance organization

Adblock Plus seeks online pact to let 'acceptable' ads through filters (ZDNet) Websites and publishers are talking with Adblock Plus maker Eyeo about a new independent body to regulate online advertising

Proposed Utah law would make doxing a six-month jail crime (Ars Technica) EFF criticizes broad language: "This bill as drafted is clearly unconstitutional"

Litigation, Investigation, and Law Enforcement

Russian Cops Bust Key Members Of World's Busiest Cybercrime Gang: Sources (Forbes) In November, Russia's FSB quietly led an operation to take down the world's most active cybercriminal groups, the operators of the banking malware Dyre, according to a number of sources with knowledge of the matter

Federal Judge Orders Home Depot to Turn Over Potential Settlement Communications (Daily Report) The federal judge presiding over litigation against Home Depot stemming from a massive security data breach has ordered the Atlanta-based home supply chain to turn over to plaintiff financial institutions any communications it has exchanged with other banks over possible settlement of the pending cases

Judge tosses proposed class action accusing Google of CAPTCHA fraud (Ars Technica) "Google stole a small amount of time and attention from a large number of people"

Facebook Ordered To Stop Tracking Non-Users In France (TechCrunch) Yet more privacy problems for Facebook in Europe

Innocent Chrome game used as cover for many tentacled Android invader (Naked Security) The Federal Trade Commission (FTC) has settled a case against a pair of developers who bought a nice, mild-mannered, browser-based Chrome game called "Running Fred" and turned it into the app equivalent of a spam-spewing facehugger

Bank joins Interpol cybercrime fighting centre (ZDNet) Barclays is the first bank to have an analyst working alongside cybercrime experts at Interpol's research and development facility

Police use Lincolnshire County Council cyber-attack as warning to others (MISCO) Police investigating the malicious malware attack on Lincolnshire County Council's computer systems have urged other organisations and businesses to beef up their security so they don't become a victim of cybercrime

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Upcoming Events

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, February 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
