skip navigation

More signal. Less noise.

Daily briefing.

Ukraine’s central bank flagged the risk of SWIFT-based funds-transfer fraud in April, Reuters reports. Confidential communication warned lenders to be on their guard and upgrade security.

Palo Alto Networks has taken down the infrastructure used by an Iranian group to spread Infy cyber-espionage tools, a welcome but probably temporary respite for those targeted.

The quality and provenance of the health insurance data DarkOverlord is selling in the RealDeal dark web souk remain controversial. InfoRiskToday reports another possible insurance breach, this one involving India’s Shriram Life Insurance. Third parties claim they’ve confirmed the incident; Uttar Pradesh police await the firm’s disclosure before they begin their own investigation.

Massachusetts General Hospital discloses a breach affecting 4300 patients. A third-party (a dental patient scheduling software vendor) is thought to be the origin of the breach, which affects records, not devices.

But medical devices are also under attack, in large part because of their potential to compromise sensitive patient information. TrapX Labs reports seeing a wave of IoT device hacks using the venerable Conficker worm.

Popular Russian social networking site Sprashivai (Infosecurity Magazine compares it to Yahoo! Answers) has been compromised. It’s using an injected iFrame to redirect users to the RIG exploit kit, which installs the SmokeLoader Trojan (typically associated with credential theft and click fraud).

Observers still believe Guccifer 2.0 (despite denials) is a denial-and-deception operation, but they also wonder why the Russians would bother.

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) V5 standards go into effect today.

And a note to our readers: the CyberWire will not publish Monday, as we celebrate Independence Day. We'll be back as usual on Tuesday, July 5.

Notes.

Today's issue includes events affecting Australia, Brazil, China, European Union, India, Indonesia, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Russia, Turkey, Ukraine, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from John Leiseboer of QuintessenceLabs on key management within a security framework. And we'll have two experts tell us about DevOps: eGlobalTech's Branko Primetica and Cybric's Mike Kail.

(Remember, we welcome reviews. Please consider reviewing our podcast on iTunes. Thanks.)

Cyber Security Summit (Washington, DC, USA, June 30, 2016) ​Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the NSA, FBI and more. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) ​Connected cars are on the roads, and autonomous vehicles are coming. Connect with industry experts at the first summit devoted to this emerging, life-changing technology.​ Register here and use code CyberWire2016 for a 20% discount off the corporate rate.​

E8 Security (Detroit, Michigan, USA, July 22, 2016) E8 Security - DETECT. HUNT. RESPOND. Find out how.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine central bank flagged cyber-attack in April: memo (Reuters via Euronews) Ukraine’s central bank urged lenders in April to review security procedures, saying thieves had attempted to steal money from a Ukrainian bank using fraudulent SWIFT transfers, according to a confidential message obtained by Reuters

Researchers dismantle decade-long Iranian cyberespionage operation (CIO) The group infected more than 300 computers in 35 countries with information-stealing malware

Hacker puts more than 9M health care records up for sale on the dark web (FedScoop) "There is not enough evidence to determine whether or not the data was obtained using ransomware," OWL Cybersecurity's CEO says

Shriram Life Insurance Servers Hacked? (InfoRiskToday) Alleged hackers dump massive archive of critical data

Top Russian Site Exposes Millions to Info-Stealing Malware (Infosecurity Magazine) Sprashivai, a popular Russian Q&A and social networking site similar to Yahoo! Answers, has been compromised by an actor attempting to silently redirect users to the RIG Exploit Kit via an injected iFrame

DNC hacker Guccifer 2.0 denies Russian links and mocks security firms (CIO) The DNC breach included confidential files, including campaign, foreign policy documents

Over 100 DDoS botnets built using Linux malware for embedded devices (CSO) Default and hard-coded credentials have led to the compromise of thousands of Internet-of-Things devices

Over 100 Snooping Tor Nodes Have Been Spying on Dark Web Sites (Motherboard) Just like the internet generally, not all of the Tor network is safe. Sometimes, people set up malicious exit nodes—the part of the network where a user's traffic joins the rest of the normal web—in order to spy on what users are up to

Hackers: Ditch the malware, we're in... Just act like a normal network admin. *Whistles* (Register) Nmap in hand, they're soon working pwned systems like a boss - study

Conficker Used in New Wave of Hospital IoT Device Attacks (Threatpost) Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps are increasingly being targeted by hacker seeking to steal patient medical records from hospitals. Attackers consider the devices soft digital targets, seldom guarded with same security as client PCs and servers within hospitals

Are hospital security standards putting patient safety at risk? (CSO) Is the need to secure patient data keeping healthcare facilities from focusing on patient safety? Ted Harrington from Independent Security Evaluators joins CSO to discuss how research finds hospitals are coming up short in safeguarding vulnerable medical devices

Massachusetts General Hospital data breach affects 4.3K patients (SC Magazine) Fingers are pointing at a third-party vendor as the culpable party behind the exposure of personally identifiable information of 4,300 patients of Massachusetts General Hospital (MGH)

Hackers are coming for your healthcare records -- here’s why (CSO) 1 in 13 patients will have their records stolen after a healthcare provider data breach

“Beaver Gang Counter” malware ejected from Play Store (Naked Security) Here’s another cautionary tale from Google Play. The good news is that the malware in this story has now been removed by Google; the website it used to collect stolen data is offline; and a cautious user would probably have avoided the app in the first place

Brazilians Migrate to Telegram, Cybercriminals Follow Suit (TrendLabs Security Intelligence Blog) Staple product offerings like online banking Trojans and tutorials for aspiring cybercriminals are still being peddled in the Brazilian underground market. While old crimeware remain the same, we observed that these young and brazen cybercriminals (two words that aptly describe the Brazilian cybercriminals of today), have switched communication platforms

This mobile Trojan from China fills your phone with porn apps (CSO) "Hummer" has become the world's biggest mobile Trojan threat

Skycure Report Finds at Least One iPhone in Every Large Enterprise Is Infected With Malware (MarketWired) Android devices are twice as likely to have malware as iOS devices

Kaspersky: Ransomware that encrypts is booming (Network World) Android mobile ransomware is on the rise, too

Why Twitter Can’t Even Protect Tech CEOs From Getting Hacked (BuzzFeed) Third-party authentication is still a security nightmare for Twitter

Some social engineering skills and Facebook will gift your account to hackers (Hack Read) Hacker sent fake passport to Facebook and hacks someone else’s account without even having access to victim’s email or password

It's not paranoia: Hackers can use your webcam to spy on you (Financial Review) Mark Zuckerberg of Facebook does it. So does FBI Director James Comey. Should you?

Turkish Hacker Defaces Arizona State Representatives and Legislature Sites (Hack Read) A football loving Turkish hacker defaced high-profile us government websites belonging to the State of Arizona, Arizona House of Representatives and Arizona Legislature

Fake-terror hides cyber attack (Courier) A Ballarat woman is warning residents not to be fooled by a highly sophisticated malware attack that draws people in through fake news reports claiming there has been a massacre in Ballarat

Security Patches, Mitigations, and Software Updates

Foxit Patches 12 Vulnerabilities in PDF Reader (Threatpost) Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product

Cyber Trends

APT and why I don't like the term (SANS Internet Storm Center) In May 2015, I wrote a dairy describing a "SOC analyst pyramid." It describes the various types of activity SOC analysts encounter in their daily work. In the comments, someone stated I should've included the term "advanced persistent threat" (APT) in the pyramid. But APT is supposed to describe an adversary, not the activity

Almost One-Third of Cyber Security Professionals Surveyed Admit to Compromising Ethics to Pass Audits (Yahoo! Finance) Over-stretched IT security pros spend more time fire-fighting than doing meaningful security work

Encryption, wiretaps and the Feds: THE TRUTH (Register) New US report suggests fewer peeps are using crypto but it's probably the other way around

Most are unable to control user activity in their IT infrastructure (Help Net Security) A majority of organizations report that they lack visibility into their cloud infrastructure, file shares, user activity and mobile devices, greatly impacting data security and system uptime, according to Netwrix

As threats evolve, faster response times are essential (Help Net Security) Two thirds of respondents to a global survey by the Business Continuity Institute reported that they had experienced at least one cyber incident during the previous twelve months, and 15% reported they had experienced at least ten incidents during the same period

Risks of working with untraceable documents (Help Net Security) An overwhelming majority of professionals are dealing with document-related productivity challenges associated with the inability to locate and track documents, control versions, efficiently complete reviews and approvals, and maintain information security, according to the BPI Network

Time, not technology, should be your cyber security weapon (Channelnomics) 2112 Group's Larry Walsh kicks off Channelnomics' cyber security conference

Big Data Breaches Shouldn’t be a Concern for Small Business (but They Still are) (Dataconomy) Big data breaches aren’t going away any time soon and the recent revelation that Russia’s criminal underworld is in possession of account data for 272.3 million people is a testament to that

Check Point Research Shows Corporate-Targeting Malware Families Continue to Grow, while African Countries Demonstrate Volatility in Threat Rankings (EIN) Check Point® Software Technologies Ltd. (NASDAQ: CHKP) (www.CheckPoint.com) has published its latest Threat Index for May 2016, revealing that the number of active global malware families increased by 15 percent in May 2016

Marketplace

Is One Researcher's Success at Finding Flaws Putting AV Future in Doubt? (eWeek) Security researcher Tavis Ormandy once again has found "many" holes in a security vendor's products—this time Symantec's antivirus tools—but that's not necessarily a bad thing

Symantec’s Woes Expose the Antivirus Industry’s Security Gaps (Wired) This week, Google security researcher Tavis Ormandy announced that he’d found numerous critical vulnerabilities in Symantec’s entire suite of anti-virus products. That’s 17 Symantec enterprise products in all, and eight Norton consumer and small-business products. The worst thing about Symantec’s woes? They’re just the latest in a long string of serious vulnerabilities uncovered in security software

As Outsourcing Grows, Asia Still Needs CISOs (InfoRiskToday) Zscaler's Scott Robertson on changing security leadership needs

Former FBI Deputy Director Timothy P. Murphy thinks cyber firms should focus on this big issue (Geektime) On a recent trip to Israel’s Cyber Week, Timothy P. Murphy explained how security startups can get noticed and what is lacking in the industry

Cyber Week in Tel Aviv explored the biggest trends in an exploding industry (Geektime) In one of the largest annual gatherings of cyber security professionals, major figures addressed the industry’s biggest challenges and areas for growth

FireEye: Recent Events Hint At Bright Future (Seeking Alpha) FireEye's recent management shift and reported buyout rejections hint at a hopeful future. Despite FireEye's large growth potential, the company is still facing many near-term difficulties. If FireEye is able to get its finances under control, the company has an extremely promising future in the fast-growing cyber security industry

Infoblox nommé le leader du marché du DNS (Global Security Magazine) Infoblox Inc. annonce la reconnaissance de son leadership sur le marché du DNS. Le rapport IDC révèle ainsi que la part de marché d’Infoblox a atteint près de 50 % en 2015 en ce qui concerne le DNS, le DHCP (le serveur/service délivrant des adresses IP aux ordinateurs), et les solutions de gestion des adresses IP (DDI)

This Mystery Investor Helped Push Cylance Into the 'Unicorn' Club (Fortune) And a big bank participated in the anti-virus startup’s $100 million funding round

Dell gets out of the Android business, and everything old is new again (Ars Technica) Company will stop updating Android tablets and focus on 2-in-1 Windows PCs

NCI Wins U.S. Cyber Command SAIC Subcontract (Defense Daily) NCI, Inc. was awarded an indefinite-delivery, indefinite-quantity (IDIQ) contract to provide cybersecurity services to U.S. Cyber Command as a subcontractor to Science Applications International Corp. [SAIC], NCI said Thursday

PhishLabs Recognized as One of the Best Places to Work (PR Rocket) Fast-growing, Charleston-based cybersecurity company is named a top employer in South Carolina

Tenable Network Security Names Stephen Riddick as General Counsel (BusinessWire) Riddick’s experience with high-growth and global companies to help Tenable scale to meet expanding market opportunities

Justin Dolly Joins Malwarebytes as the Company’s First Chief Information Security Officer (BusinessWire) Dolly brings proven security innovation and leadership to one of the fastest-growing companies in Silicon Valley

Products, Services, and Solutions

ThreatTrack Launches ThreatSecure Network Advanced Threat Defense Platform as a Managed Protection Service (PRNewswire) ThreatSecure as a Service™ offered through partnership with managed security services provider SecurView™

Container Security Stepping Up to the Plate (ServerWatch) It's a measure of a technology platform's maturity when there's a widespread ecosystem of security software built around it

Russian banks using Gemalto OTPs, Infineon releases BLE design (Secure ID News) Gemalto supplies Russian banks with OTP tech

KDDI in Japan selects Gemalto’s Connected cars and IoT solution (Smart Card Alliance) Solution includes remote subscription management and embedded SIM

Exabeam Joins FireEye Cyber Security Coalition (MarketWired) Exabeam user and entity behavior analytics supports a leading ecosystem designed to increase customer security

Technologies, Techniques, and Standards

CIP V5 Transition Program (NERC) NERC is committed to protecting the bulk power system against cybersecurity compromises that could lead to misoperation or instability. On November 22, 2013, FERC approved Version 5 of the critical infrastructure protection cybersecurity standards (CIP Version 5), which represent significant progress in mitigating cyber risks to the bulk power system

xDedic: What to Do If Your RDP Server Was Pwned (InfoRiskToday) Advice on guarding against stolen credentials misuse and related risks

How to enhance protection of your surveillance system against cyber attacks (CSO) Find out if someone is looking in on you when you are looking out at them

How To Use Threat Intelligence Intelligently (Dark Reading) Sometimes it's about a beer, but it's mainly about being prepared before opening the threat intel floodgates

Analyze your data: Where is it and who has it? (Help Net Security) It is becoming widely recognized that “unknown” data leakage of PCI data, and more broadly other Personally Identifiable Information, within enterprises is the highest value target for the bad guys

4 Ways Companies Protect Their Data From Their Own Employees (Fortune) “Insider threat,” the phenomenon of employees going bad, has become a key focus of corporate security departments, as companies become increasingly aware of how much damage an angry staffer or contractor can do by stealing or leaking intellectual property or other confidential data

Setting up Two-Step Verification on your Amazon account (Naked Security) I admit I am not a fan of shopping, but if it has to be done, I vastly prefer to do it online. Nowadays the vast majority of my household purchases arrive in an Amazon box (apologies to my UPS delivery driver)

Is Your Agency’s Security Up To Scratch? (Bandt) If CSI Cyber and Mr Robot have taught us anything, it is that there are plenty of black hat hackers who are out to get big companies for little reason beyond maliciousness or personal gain, says this guest poster, marketer & producer with Five by Five Sydney, Louis Petrides

Vermont Guard gears up for major cyber exercise (Defense Systems) The Vermont National Guard is gearing up for a cyber exercise to test its cyber warriors and civilian agencies in various aspects of cyber defense and response in the event of an attack on critical infrastructure. And Vermont’s units are looking for a cyber range to help them prepare

Design and Innovation

How Oracle’s business as usual is threatening to kill Java (Ars Technica) Oracle's silence about Java EE has brought developer community distrust to a fever pitch

Research and Development

Liar, liar, email on fire: the security value of lie detecting algorithms (SC Magazine) Researchers have developed a method of identifying linguistic clues in electronic communications that could point to possible cases of deception. Could lie-detecting algorithms reduce the impact of phishing emails?

How online learning algorithms can help improve Android malware detection (Help Net Security) A group of researchers from Nanyang Technological University, Singapore, have created a novel solution for large-scale Android malware detection

Legislation, Policy, and Regulation

This is South Korea’s elite cyber army that fights North Korea (MarketWatch) Thirty new students are trained each year to defend South Korea from attacks by its communist enemy

China is crushing the U.S. in 'economic warfare' (CNN Money) As China has risen to become the world's No. 2 economy, it has repeatedly used its business and financial clout to get what it wants on the world stage, say foreign policy experts Robert Blackwill and Jennifer Harris

Islamic State applauds the British: ‘Brexit threatens the unity of Crusader Europe’ (Washington Post) Earlier this year, the Islamic State released a chilling video in which it directly threatened attacks on Britain

Cybercrime bill to give PTA power to censor Internet (Pakistan Today) The government’s new cyber crime bill may finally permit the Pakistan Telecommunication Authority (PTA) the authority to manage, remove or block content on the Internet

The formation of [Indonesian] national cyber agency (Antara News) The establishment of the National Cyber Agency, which began three years ago with the arrival of the Cyber Desk in the Coordinating Ministry for Political, Legal and Security Affairs (Kemenko Polhukam), is now rumored to have been cancelled

U.S. needs to publicly attribute cyberattacks, former House intel chair says (FedScoop) Former Michigan GOP Rep. Michael Rogers said it wasn't reasonable to expect private sector firms to defend against nation-state hackers, and the government should say so

Time is short to stop expansion of FBI hacking, senator says (CSO) 'Inaction is what Congress does best,' Wyden says

Clinton cyber agenda includes emphasis on federal acquisition policy (Inside Cybersecurity) Presumptive Democratic presidential nominee Hillary Clinton would strengthen cybersecurity by prioritizing enforcement of standards for federal networks and contractors, and increasing discovery of cyber vulnerabilities, according to Clinton's new technology and innovation agenda

Senate confirms new Navy Fleet Cyber commander (C4ISRNET) The Senate on June 29 confirmed Rear Adm. Michael Gilday as the next commander of the Navy’s 10th Fleet/Fleet Cyber Command and promotion to vice admiral, according to congressional records

Litigation, Investigation, and Law Enforcement

Facebook has funds frozen in Brazil in another WhatsApp encrypted data dispute (TechCrunch) Around $6 million in Facebook’s Brazilian bank account has been frozen on court order in another dispute about encrypted data involving local police authorities and Facebook-owned messaging app WhatsApp, according to the local Globo G1 news service

Top court green-lights surveillance of Japan's Muslims (AL Jazeera) Legal challenge to police profiling of North Asian country's Islamic population dismissed by Supreme Court

Google found not guilty of stuffing kids with tracking cookies (Naked Security) In the US, it’s illegal to gather the personal information of children under the age of 13 without informing parents and getting their permission

FBI seeking to prevent disclosure of information about Orlando shooting (Washington Post) In the wake of the horrific attack on the Pulse nightclub, the Justice Department initially released a redacted transcript of one of the shooter’s 911 calls. Although that decision was quickly reversed, the Justice Department is still seeking to prevent the disclosure of information related to the shooter’s contacts with local law enforcement during the attack and standoff with the police, including information that is supposed to be publicly available under Florida law

Top Clinton aide was “frustrated” with her boss’ e-mail practices (Ars Technica) Abedin pushed Clinton to use State e-mail after a missed call with foreign secretary

Lynch meeting with Bill Clinton creates firestorm for email case (The Hill) The private meeting between Attorney General Loretta Lynch and former President Bill Clinton has created a political firestorm, fueling criticism of the Justice Department’s investigation into Hillary Clinton’s private email server

No decision after hearing for UK man accused of hacking FBI, NASA (Ars Technica) US seeks extradition of Lauri Love, who is also accused of breaching the Fed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Upcoming Events

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception,...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.