Daily briefing.

Twitter notifies some 10,000 subscribers that a password recovery bug may have exposed their personal information last week. Twitter also says it immediately fixed the vulnerability, and warns users not to attempt exploitation.

FireEye fixes a whitelisting issue in its NX, FX, EX, and AX products, and Google issues an update for Chrome.

Google's Project Zero says that some Comodo products are accompanied by a weakly secured VNC server associated with a technical support program.

Sucuri warns that the pingback feature in older WordPress sites is being used to execute layer 7 DDoS attacks against servers. They recommend disabling pingback.

Observers fear that Hollywood Presbyterian's payment of $17,000 ransom to free its systems may incentivize other ransomware crime. But others note that the hospital was in a tough spot — they had, after all, an obligation to recover and resume patient care.

Locky ransomware continues to spread. Researchers note that it's targeting German-speakers.

Foscam IP security cameras are said to be engaging in a lot of undesirable peer-to-peer chatter. It may prove difficult for most users to disable the baked-in P-2-P functionality.

IOActive reports an inexpensive proof-of-concept exploit that could disable sensors networked in SimpliSafe's home security system.

In the US, industry and tech groups remain unhappy with the Wassenaar cyber arms control accord. They're pressing the Secretary of State to renegotiate the agreement.

Apple and the FBI remain at loggerheads over a court order that would compel Apple's help in unlocking the San Bernardino jihadists' iPhone. Observers see uncharted legal waters.

Notes.

Today's issue includes events affecting Austria, China, Germany, Iran, Iraq, Israel, Syria, United States.

Today's CyberWire Daily Podcast will have more on what's at stake in the case of the San Bernardino jihadists' iPhone. Listen for the Daily podcast later this afternoon, and to the Week-in-Review that will follow it shortly. On the Daily, we talk to the University of Maryland's Markus Rauschecker on the legal and policy implications of cloud security. In the Week-in-Review, we hear from Maryland's Jonathan Katz on the challenges students face upon entering the cyber labor force. We also speak with Wandera's Michael Covington about the true costs of enterprise mobile.

Cyber Attacks, Threats, and Vulnerabilities

Twitter password recovery bug exposes 10,000 users' personal information (IDG via CSO) The company has notified those affected and will suspend users who exploited the bug

E-commerce web apps vulnerable to hijacking, database compromise (Help Net Security) High-Tech Bridge researchers have published details and PoC exploit code for several serious vulnerabilities in Osclass, osCmax, and osCommerce, three popular open source e-commerce web apps

Comodo's 'security' kit installed a lame VNC server on PCs on the sly (Register) Modern antivirus: Easily crackable password, lets malware gain admin privileges

Is your WordPress site being misused for DDoS attacks? (Help Net Security) Many WordPress websites are still being misused to perform layer 7 DDoS attacks against target servers, even though preventing them from participating in these attacks is as simple as disabling the pingback feature

Security Alert: New Locky Ransomware Shows Off through Rampant Distribution (Heimdal Security) After hitting a US hospital, cyber security specialists warn that this new strain of ransomware is being aggressively spread to compromise potential victims around the world. Its name: Locky

What does a .locky file extension mean? It means you've been hit by ransomware (Graham Cluley) Ransomware with apparent links to a Dridex botnet affiliate has been spotted attempting to infect at least 450,000 computer users

Hacked Hospital Ransom Payout Will Cause 'Proliferation of Attacks' (Newsweek) A Los Angeles hospital's decision to pay a $17,000 ransom to hackers could lead to a proliferation of cyber attacks on critical infrastructure, experts tell Newsweek

Remotely Disabling a Wireless Burglar Alarm (IOActive) Countless movies feature hackers remotely turning off security systems in order to infiltrate buildings without being noticed. But how realistic are these depictions? Time to find out

This is Why People Fear the 'Internet of Things' (KrebsOnSecurity) Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware

The Linux GNU C Library Vulnerability: What It Is, How To Fix It (TrendLabs Security Intelligence Blog) Earlier this week, the maintainers of the GNU C Library (known as glibc, an open-source software library widely used in Linux systems) announced that they had released a fix for a vulnerability introduced in 2008 that allowed a buffer overflow to take place

Latest Exploitation of SS7 Network — Next Generation of Location Tracking Attacks (Realwire) AdaptiveMobile, the world leader in mobile network security, announced today it has evidence of sophisticated location tracking platforms exploiting the SS7 network

ISIS-related threat on social media shuts down rural military school (Washington Post) A private military school in Virginia has canceled events throughout the weekend and boosted its security after receiving Islamic State-related threats through social media, law enforcement and school officials said

Cheating site Ashley Madison is popular with Air Force (Air Force Times) The hack of notorious cheating website Ashley Madison, whose uber-classy motto is "Life is short. Have an Affair," is continuing to cause embarrassment around the country. And now, it's the Air Force's turn

DoD databases: A prime target for cyberattacks (C4ISR & Networks) Cyberattacks are on the rise, and networked military resources are on the front line of what may someday escalate into an all-out cyberwar

C-suite is confused about who poses the biggest cybersecurity threat (FierceITSecurity) C-suite executives are confused about who the true cybersecurity adversaries are and how to effectively combat them, a survey released Wednesday by IBM found

A Letter to the Insiders — Think Twice (Team Cymru) Insider threats come in many forms, from the unwitting to the negligent, and even the downright malicious

In The Crosshairs: The Trend Towards Targeted Attacks (Tripwire: the State of Security) Sophisticated targeting is one of the most important trends in security right now

The ghost of Stuxnet continues to haunt enterprise security, says HPE (FierceITSecurity) More than one-quarter of all successful enterprise software exploits in 2015 used a vulnerability that dates from the 2010 Stuxnet attack

Fighting malware monetization and application vulnerabilities (Help Net Security) As the traditional network perimeter disappears and attack surfaces grow, security professionals are challenged with protecting users, applications and data — without stifling innovation or delaying enterprise timelines

Security Patches, Mitigations, and Software Updates

Fixing a recent password recovery issue (Twitter) We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week

FireEye Detection Engine Was Whitelisting Malware (Softpedia) Vulnerability fixed in FireEye NX, FX, EX, and AX devices

Stable Channel Update (Chrome Releases) The stable channel has been updated to 48.0.2564.116 for Windows, Mac, and Linux

Cyber Trends

Taking Situational Awareness to a New Level: Innovation, Technology and Citizen Stakeholders (Security Magazine) We live in a very dynamic world and the nature of what is considered a threat is constantly changing

New Survey Underscores Law Firm Security Vulnerabilities (Legaltech News) Forty-eight percent of those responding to the Guidance Software survey felt unprepared to identify and protect sensitive information

Healthcare data breaches lead more patients to withhold information from doctors (We Live Security) As 2015 slides into the cybersecurity history books as "the year of the healthcare breach" I decided to examine one aspect of medical data privacy that is sometimes overlooked: the impact of breaches on patient-doctor information exchange

Do you trust the new breed of talking (and listening) toys? (Naked Security) The annual Toy Fair took place this past weekend — the biggest event of the year for the toy industry, where vendors showcase thousands of new toys before they hit retail shelves and Amazon wish lists

Marketplace

Symantec: Has Management Learned From Their Mistakes? (Seeking Alpha) Symantec lost money on its Veritas deal. Nevertheless, the firm now brings back all the proceeds to the shareholder

Palo Alto falls sharply after JMP reports hearing of sales challenges (Seeking Alpha) JMP Securities states its Palo Alto Networks (PANW -9.4%) reseller checks indicate shipping activity towards the end of FQ2 (the January quarter) was "more rushed than usual"

Funds raised will be used for new security products: Quick Heal (CNBC) Kailash Katkar, MD & CEO of the company says that Quick Heal is in process of developing a number of enterprise security products and the funds raised will be utilized for further development and marketing of the products

CensorNet acquires SMS PASSCODE (Channel EMEA) CensorNet, the complete cloud security company, today announces that it has acquired Danish based multi-factor authentication vendor SMS PASSCODE in a closed deal

Solicitation Number: NAMA-16-RFI-0001: Social Media Archiving Tool (FedBizOpps) NARA issues this Request for Information (RFI) package to obtain technical information about a commercially available tool capable of capturing, managing, and preserving social media data in compliance with applicable federal records management and eDiscovery laws

Fortscale Expands Executive Team as User Behavior Analytics Market Momentum Builds (BusinessWire) Company taps Kurt Stammberger, the founder of the RSA Conference, as Chief Marketing Officer

KEYW Adds Brian W. Hobbs as Vice President of Corporate Capture (Nasdaq) The KEYW Corporation, a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), announced today the addition of Brian W. Hobbs as Vice President of Corporate Capture

Syniverse Appoints Dave Ratner to Lead Enterprise Solutions (BusinessWire) Business unit focused on enterprise segment with dedicated resources

Products, Services, and Solutions

Exabeam launches Threat Hunter to uncover bad actors already on the enterprise network (FierceITSecurity) Security startup Exabeam on Wednesday launched its Threat Hunter product to provide security analysts the ability to query user data collected by the firm's user behavior analytics (UBA) platform

Synopsys and Cypherbridge Accelerate TLS Record Processing for IoT Communication with Optimized Hardware/Software Security Solution (PRNewswire) Combination of Cypherbridge uSSL SDK and DesignWare SSL/TLS/DTLS Security Protocol Accelerator speeds software development

DB Networks launches Layer 7 Database Sensor (Help Net Security) DB Networks introduced a product that provides OEM partners with real-time deep protocol analysis of database traffic

KEYMILE Enhances its Strategic Positioning with Quantum Cryptography Solutions (Railway-Technology.com) KEYMILE is adding quantum cryptography solutions from ID Quantique, worldwide leader in quantum-safe encryption solutions from Switzerland, to its product range for mission-critical communications networks

New IBM Mainframe Promises Advanced Security for Hybrid Clouds (E-Commerce Times) IBM on Tuesday introduced the z13s, a mainframe computer system optimized for hybrid cloud deployment

Sophos Mobile Security for Android Achieves Best Protection Award From AV-TEST Institute (IT Business Net) Demonstrates consistent detection rates of 100 percent during 2015

Prelert Unveils Behavioral Analytics for the Elastic Stack (BusinessWire) New software product automates analysis of massive data sets in Elasticsearch, detecting and visualizing behavioral anomalies

Avast Virtual Mobile Platform Brings Mobile Enterprise Security to a New Frontier (IT Business Net) Powerful platform focuses on securing data, not devices; delivers security-enabled productivity by protecting company data and workers' personal privacy

FairWarning and FireEye Join Forces to Combat Increasing Security Threats to Healthcare Organizations (BusinessWire) Integration of FireEye Threat Analytics Platform with FairWarning Patient Privacy Monitoring creates a coordinated threat protection and response framework for patient privacy breaches

FireEye Strengthens Platform With 15 New Cyber Security Coalition Technology Partners (Marketwired) Also completes nine technology integrations with CSC partners in the areas of data security, cloud security, user behavior analytics and privileged account security

Farsight Security Announces Farsight DNSDB App for Splunk® (Marketwired) In a significant industry milestone, today Farsight Security, Inc. announced the release of Farsight DNSDB℠ App for Splunk® to enable security analysts to improve the speed, accuracy and global view of their digital investigations for faster risk mitigation and prevention

Clearswift and SecureMySocial Announce Combined Offering (BusinessWire) Data Loss Prevention to combat social media information leaks; anytime, anywhere

Wombat Security Releases PhishAlarm Analyzer (eWeek) The platform scans reported emails and examines them based on standard security indicators of compromise, and the emails are then prioritized

BioCatch warns of RAT-in-the-Mobile malware (Finextra) BioCatch, the global leader in Behavioral Authentication and Malware Detection, announced today that its behavioral authentication platform is the first to successfully detect Remote Access and RAT-in-the-Mobile (RitM) malware, in real time

Technologies, Techniques, and Standards

Why a single point of failure should be your primary concern (Help Net Security) Many organizations are transitioning to digital systems, which has increased the dependency on cloud service providers, web hosting platforms, and other external services

Creating a common cyber lexicon: Harder than it looks (C4ISR & Networks) The Defense Department and service components in recent years have released many documents, directives and guidance on operating in cyberspace, and a common goal in most of them includes reaching a consensus in the language and terminology used for the cyber domain

Cyber-Security: The Best Plan Of Action To Keep Your Data Safe (InformationWeek) Like a perverse iteration of Newton's third law, every clever cyber-attack action is always followed by an equally clever reaction from the organization targeted. Is that enough to keep your data safe?

Perspective: The Legal Ethics of Using the Cloud (Bloomberg BNA) All law firms continue to face a highly competitive marketplace for legal services

Design and Innovation

W3C launches effort to replace passwords (Help Net Security) The World Wide Web Consortium (W3C) is launching a new standards effort in web authentication that aims to offer a more secure and flexible alternative to password-based logins on the Web

WearFit: Security Design Analysis of a Wearable Fitness Tracker (IEEE) In 2014, the IEEE Computer Society — the leading association for computing professionals — launched a cybersecurity initiative by forming the Center for Secure Design

Israeli military techies cook up security alerts software (Register) Threat information as visual story lines

Research and Development

For New Cybersecurity Pilot Program, Collaboration Is Key (Government Technology) The goal is to develop advanced technology to identify, defend and prevent cyberattacks more efficiently and effectively — and deliver a working prototype by 2018 that other institutions and industries, such as banks and government agencies, can use

Academia

NSA, LifeJourney Partner To Give Students a Taste of Cybersecurity Careers (Campus Technology) LifeJourney, an online career simulation experience provider, will launch Day of Cyber February 29 at the RSA 2016 Conference in San Francisco in conjunction with the National Security Agency (NSA)

Legislation, Policy, and Regulation

Tech, business presses Kerry to renegotiate cyber controls (The Hill) A coalition of tech and business groups is pressing the Obama administration to renegotiate an international agreement designed to keep hacking tools out of the hands of repressive regimes

DOD to adversaries: Send us your zero-day attacks (Defense Systems) The Defense Department wants adversaries to increase their spending on cyber attacks, because the attacks they use now don't cost those adversaries enough

DHS Ready to Share Intelligence With Private Sector (Technewsworld) The U.S. Department of Homeland Security this month will start sharing threat information with a small number of hand-picked companies under the newly enacted Cybersecurity Information Sharing Act

Encryption Backdoors Weaken National Security, Invade Personal Privacy, and Endanger the US Economy (Center for Democracy and Technology) As some of you may have noticed, backdoors are back in the news again. Much will be written about this subject in the coming weeks, but today I want to make 3 key points

ODNI task force and DoD partner to fight insider threats (C4ISR & Networks) The Office of the Director of National Intelligence's National Insider Threat Task Force is working closely with the Department of Defense to figure out how 43 of its components can build solid insider threat programs

New Freedom of Information Act Request Documents Released by ODNI (IC on the Record) The Office of the Director of National Intelligence is one of seven federal agencies participating in a pilot program to make records requested via the Freedom of Information Act more readily available

WEST: Personnel, Budget Cuts Leave Gaps in U.S. Cyber Forces (USNI) Saddled with budget cuts and prospects of a smaller force, the military services must find ways to build a specialized cyber force

Litigation, Investigation, and Law Enforcement

Encryption isn't at stake, the FBI knows Apple already has the desired key (Ars Technica) The FBI knows it can't bypass the encryption; it just wants to try more than 10 PINs

Experts Cast Doubt On What Else FBI Might Get From Suspect's iPhone (NPR All Tech Considered) The showdown between the FBI and Apple could result in huge changes for security and privacy, but one thing it may not do is deliver a big break in the San Bernardino case

Apple, FBI encryption clash brings 'backdoor' debate to the fore (Federal Times)

Experts contend Apple has the technical chops to comply with court order (Computerworld via CSO) Possible to subvert iOS to give FBI ability to brute-force the passcode, say security professionals

Apple's FBI Battle Is Complicated. Here's What's Really Going On (Wired) The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation — and also generated some misinformation

Apple–FBI fight over iPhone encryption pits privacy against national security (Los Angeles Times) A court order requiring Apple to create a way to help law enforcement get access to a terrorist's smartphone amounts to an "unprecedented" stretch of an antiquated law — one that is likely to spark an epic fight pitting privacy against national security, legal scholars said Thursday

Why Apple Is Right to Challenge an Order to Help the F.B.I. (New York Times) It is understandable that federal investigators want to unlock an iPhone used by one of the attackers who killed 14 people in San Bernardino, Calif., in December

Apple should work with the FBI instead of pulling a PR stunt (FierceITSecurity) I get very worried when I agree with Donald Trump about anything

The Contrarian Response to Apple's Need for Encryption (Hackaday) On December 2, 2015, [Syed Rizwan Farook] and [Tashfeen Malik] opened fire at a San Bernardino County Department of Public Health training event, killing 14 and injuring 22

FBI Can Use Dead Suspects' Fingerprints To Open iPhones — It Might Be Cops' Best Bet (Forbes) As Apple AAPL makes iPhones increasingly secure, the FBI has found it more difficult to get at data within suspects' iOS devices

Apple's Line in the Sand Was Over a Year in the Making (New York Times) Time and again after the introduction of the iPhone nearly a decade ago, the Justice Department asked Apple for help opening a locked phone. And nearly without fail, the company agreed

How Tim Cook, in iPhone Battle, Became a Bulwark for Digital Privacy (New York Times) Letters from around the globe began pouring into the inbox of Timothy D. Cook not long after the publication of the first revelations from Edward J. Snowden about mass government surveillance

Silicon Valley cybersecurity companies weigh in on Apple encryption dispute (Silicon Valley Business Journal) A judge's order to Apple Inc. that it must provide "reasonable technical assistance" to investigators aiming to unlock an iPhone owned by one of the San Bernardino shooters has prompted Silicon Valley cybersecurity experts to express their support for CEO Tim Cook's resistance, arguing that such a demand wouldn't be isolated

Apple Letter on iPhone Security Draws Muted Tech Industry Response (New York Times) After a federal court ordered Apple to help unlock an iPhone used by an attacker in a December mass shooting in San Bernardino, Calif., the company's chief executive, Timothy D. Cook, penned a passionate letter warning of far-reaching implications beyond the case

Mozilla chief: FBI snooping at Apple 'back door' makes you less safe (CNN) Today, the Internet is where we live our everyday lives

AT&T, Verizon Have Different Obligations Than Apple (Nasdaq) For U.S. phone companies like AT&T Inc. and Verizon Communications Inc., the notion of resisting a court order like Apple Inc. Chief Executive Tim Cook recently did is probably inconceivable. The reason is legal

Clinton email chain discussed Afghan national's CIA ties, official says (Fox News) One of the classified email chains discovered on Hillary Clinton's personal unsecured server discussed an Afghan national's ties to the CIA and a report that he was on the agency's payroll, a U.S. government official with knowledge of the document told Fox News

Navy's intel chief battling clearance controversy, cyber struggles (C4ISR & Networks) As the Navy's top intelligence and information warfare officer calls for increased attention and money for cyber priorities, he's also fighting more personal battles amid a Defense Department corruption investigation

VTech not backing down on terms change after data breach (CSO) Hong Kong toy maker VTech is not backing down from a change in its Terms and Conditions

Anonymous Hacker Gets Lost at Sea, Is Rescued and Then Arrested (Softpedia) Hacker rescued by Disney cruise ship near the coast of Cuba

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Upcoming Events

Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
