skip navigation

More signal. Less noise.

Daily briefing.

A large database containing information on 154 million US voter profiles seems to have leaked online. The database was found by MacKeeper researcher Chris Vickery. It’s now been taken down and is no longer exposed. The information appears to have originated with data broker L2, which believes it was compromised by a breach at an "unnamed national client."

Tech support scammers have added a fresh approach as their cold calls meet an increasingly skeptical reception: pop-ups purporting to be from a user’s ISP.

GozNym is reported to be employing redirection attacks as the banking Trojan hits services in the US.

Rapid7 reports that the open-source API framework Swagger suffers from an unpatched remote-code execution vulnerability.

Crytpo-ransomware has now far outstripped its older, cruder screen-blocking rivals. Kaspersky says it accounted for some 54% of extortion malware observed in April, up from 10% a year ago. Two other bits of news appear with respect to ransomware: Emsisoft has released a decryption tool for ApocalypseVM, and TeslaCrypt remains out of service. No one’s complaining about TeslaCrypt’s disappearance, but researchers find it baffling: why would criminals abandon a tool still able to make them money?

In industry news, observers think Symantec’s Blue Coat buy may lift cyber sector stocks and spur more M & A. SecurityScorecard raises $20 million in venture capital. Everyone awaits tomorrow’s expected announcement of the Brexit vote’s results.

More expansive online investigation stalls in the US Senate.

Investigators say State reduced network security temporarily to accommodate then-Secretary Clinton’s home server.

A note to our readers: our report on yesterday's Cyber 7.0 conference will appear with tomorrow's issue.


Today's issue includes events affecting China, India, Israel, New Zealand, Pakistan, Russia, Serbia, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll talk to University of Maryland expert Markus Rauschecker (of the Center for Health and Homeland Security). We'll also hear from Zscaler's Deepen Desai about new malware targeting Microsoft systems. (And as ever, if you feel so inclined, please give us an iTunes review.)

Cyber Security Summit (Washington, DC, USA, June 30, 2016) ​Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the NSA, FBI and more. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) ​Connected cars are on the roads, and autonomous vehicles are coming. Connect with industry experts at the first summit devoted to this emerging, life-changing technology.​ Register here and use code CyberWire2016 for a 20% discount off the corporate rate.​

Cyber Attacks, Threats, and Vulnerabilities

154 million US voter records exposed following hack (Help Net Security) MacKeeper security researcher Chris Vickery has discovered yet another database containing voter profiles of US citizens, accessible to anyone who stumbled upon it or knew where to look

Tech support scammers impersonate victims’ ISP (Help Net Security) Tech support scammers have switched from cold calls to pop-ups ambushing users online, seemingly coming from the victims’ ISP

GozNym Banking Trojan Hits the US with Redirection Attacks (Twrix) GozNym, a banking trojan discovered only two months back, has added a new trick to its arsenal and is using it to target high-level business banking services in the US

Unpatched Remote Code Execution Flaw Exists in Swagger (Threatpost) An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said

Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware (Darek Reading) Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found

Security Researchers Puzzled by Demise of TeslaCrypt Ransomware (eWeek) Cyber-criminals have already shifted to another ransomware program, CryptXXX, but researchers continue to puzzle over why TeslaCrypt's operators gave up their encryption keys

Pen testers discover mega vulnerabilities in Uber (SC Magazine) Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys

Carbonite Triggers Password Reset for 1.5M Customers After Reuse Attack (Threatpost) Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that accounts was targeted in a password reuse attack. According to a statement issued by Carbonite on Tuesday hackers were attempting to break into user accounts using stolen credentials. In some cases, personal information may have been exposed, Carbonite wrote in a blog post

Carbonite Accounts Targeted in Password Reuse Attack (Carbonite) What Happened: As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts

Carbonite Is Latest Victim Of Password Reuse Attack (Dark Reading) Back-up services provider asks users to reset passwords, claims hackers used details from earlier breached websites

Internet trolls hack popular YouTube channel WatchMojo (CSO) Hackers tag videos, but leave content unchanged

Mark Zuckerberg is paranoid about webcam spies – for good reason (Naked Security) Here’s a riddle: what do Mark Zuckerberg and FBI Director James Comey have in common? I mean, besides the fact that they both run organizations that know waaaaaaaay too much about us?

Cyber attack at Holley School District (WHAM) The FBI and State Police are investigating a cyber attack against the Holley Central School District

Security Patches, Mitigations, and Software Updates

Patched libarchive Vulnerabilities Have Big Reach (Threatpost) The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software

WordPress Security Update Patches Two Dozen Flaws (Threatpost) WordPress last week updated to version 4.5.3, a security release for all versions of the content management system

Cyber Trends

Rise of Darknet Stokes Fear of The Insider (KrebsOnSecurity) With the proliferation of shadowy black markets on the so-called “darknet” — hidden crime bazaars that can only be accessed through special software that obscures one’s true location online — it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders

KnowBe4 Releases Results of 2 Year Survey Showing Rising Concern over Ransomware (Benzinga) Security awareness training and backup deemed most effective to combat ransomware

Why are hackers increasingly targeting the healthcare industry? (Help Net Security) Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack

Shipping unprepared for five stages of a cyber attack (Marine Electronics & Communications) The shipping industry is unprepared for any serious and lengthy cyber attacks. Shipowners, operators and managers may feel they are ready for malware infections on their ships because they employ antivirus software. But they would not be prepared for a well-thought-out attack from a strong-willed hacker

United Kingdom has the strongest security globally, report says (CSO) A recent research study listed how countries fared


Cyber-Security M&A Heats Up: Symantec’s Purchase May Spur Deals (See IT Market) Cyber-Security was one of the hottest areas in the Tech space during the first half of 2015. Then came the July washout of all high growth and high valuation technology stocks. That sent the sector reeling. The Cyber-Security ETF (HACK), peaked above $33.50 in June of 2015 and traded almost down to $19 in February of 2016. That low marked the bottom of a massive correction. HACK has since recovered to $24.45 and recent developments hint that more Cyber-Security M&A deals may be around the corner

Is Dell cutting too deep? (Enterprise Times) As Dell gets closer to closing its EMC acquisition it is disposing of assets no longer considered core. This is not just about Dell slimming down. It has a lot of investors wanting to see a return on the monies pledged for the EMC acquisition

Why the Carlyle Group's vanishing stake in Booz Allen will be good for the contractor (Washington Business Journal) Booz Allen Hamilton Inc. (NYSE: BAH) is finally seeing growth after years of revenue declines — an improved financial picture that helped boost its credit ratings outlook recently. But buried in that report, the credit rating agency noted another reason for optimism: "a reduced Carlyle equity ownership stake"

Akamai Technologies: A Long Term Value Play? (Small Cap Network) Our SmallCap Network Elite Opportunity (SCN EO) portfolio has opened a position in Akamai Technologies, Inc (NASDAQ: AKAM) as a long-term idea and value play on forward growth with short-term trading implications

NeuStar's upcoming split will mean a tale of two headquarters (Washington Business Journal) NeuStar Inc. will split its business into two, divided between its legacy operations and its rapidly growing realtime marketing services

Canadian cyber security expert Daniel Tobok launches new firm, Cytelligence (Newswire) Daniel Tobok, an internationally recognized cyber security and digital forensics expert, launches Cytelligence Inc., a new elite kind of cyber security firm

SecurityScorecard raises $20 million from Google Ventures (TechCrunch) SecurityScorecard, the platform that monitors and assesses companies’ cybersecurity strength, has raised $20 million in Series B funding from GV (the Alphabet-ized new name for Google Ventures)

LightCyber raises $20 million to boost sales globally (Start-Up Israel) Investors include US firm Access Industries and Shlomo Kramer, the cybersecurity company says

Israeli cybersecurity boom 'sustainable', argues industry’s father (Register) Pipelines are improving but discrimination is still a problem

Northern Ireland becoming a global IT security hub as Alert Logic creates 88 jobs (Silicon Republic) Alert Logic has created 88 jobs in Belfast – 30 of which are already in place – at a new Security Research and Technology Development Centre

REI Systems is a Washington Post Top Workplace for the Second Year in a Row (REI Systems) REI ranks 7th on The Washington Post Top Workplaces List of 2016

NSFOCUS receives Bounty Award for fourth consecutive year (SC Magazine) For the fourth consecutive year, NSFOCUS has received the honour of the Microsoft Mitigation Bounty Award

Optiv Snags CIO Away From Experian (Techrockies) Denver-based cyber security provider Optiv has snagged an executive from Experian, to serve as the company's new Chief Information Officer

Products, Services, and Solutions

E8 Security Joins IBM Security App Exchange Community (MarketWired) E8 Security App for QRadar part of collaborative development to stay ahead of evolving threats

Cylance expands ties with partners to meet cybersecurity demands in EMEA regions (Voice and Data) Artificial Intelligence-based cybersecurity company Cylance has expanded its Europe, Middle East and Africa (EMEA ) operations with three leading channel partners. Cylance has established partnerships in France, Germany and the Middle East to meet rising demands in EMEA for preventive cybersecurity solutions and services

Microsoft Rolls Out New Data Classification And Security Service (Dark Reading) Azure Information Protection the first-fruit of Microsoft's acquisition of Secure Islands

Azure Information Protection makes warding off data leaks easier (Ars Technica) Based on tech bought last year, new system builds on Azure Rights Management

Gurucul Extends Cloud Security User Behavior Analytics Platform to Protect Microsoft Office 365 (BusinessWire) Visibility across cloud and on-premises hybrid environments can protect confidential data in sharepoint online that spans both infrastructures

Akana Platform Wins Cloud Platform Innovation Award (CBS8) Innovative end-to-end API Management Platform is recognized

Ixia Wins 2016 NetworkWorld Asia Information Management Award for Network Testing & Measurement (BusinessWire) Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility, and security solutions, announced that Ixia was selected as the winner in the Network Testing and Measurement category for the 2016 NetworkWorld Asia Information Management Awards

MobileIron First to Receive Common Criteria Certification for Mobile Device Management Protection Profile V2 (PRNewswire) MobileIron (NASDAQ: MOBL), the stand-alone EMM leader, today announced that it has become the first company in the world to receive Common Criteria certification against Version 2.0 of the Mobile Device Management Protection Profile (MDMPP V2.0 and MDMPP Agent V2.0) from the National Information Assurance Partnership (NIAP)

Let’s Encrypt Celebrates Big HTTPS Milestone (Threatpost) Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence issuing its 5 millionth certificate this month. Let’s Encrypt launched to the general public just seven months ago

Technologies, Techniques, and Standards

ApocalypseVM ransomware decrypter released (Help Net Security) AV company Emsisoft has added yet another ransomware decrypter tool to its stable: a decrypter for ApocalypseVM

Updating code can mean fewer security headaches (InfoWorld via CSO) Contrary to what you might think, updating code a lot can cut security issues in half -- and improve software quality

5 ways to keep your Instagram profile safe (Naked Security) Although I’m generally an early adopter of most new social media networks when they come out (go figure, I’m a shameless #Millennial), I was an Instagram curmudgeon for a while. But after giving it a go, its ease of use and brilliantly minimal interface completely won me over, and now I’m an InstaAddict

Design and Innovation

There’s a new OS in the works, and it’s being built by Huawei (Android and Me) There comes a point when everything passes, and for some, the best way to cope is to prepare. Huawei falls into that group, with The Information reporting that Huawei is developing its own operating system as a fallback to Android. While the details are unknown and intriguing, the larger question is, why?

DOD looks to develop a preemptive approach to network defense (Defense Systems) With roughly 43,000 attempted daily intrusions on the Department of Defense Information Network, or DODIN, the department has sought a more proactive approach to defense as opposed to a “whack-a-mole” response

Apple “opens up” the iOS 10 kernel – accident or design? (Naked Security) Apple, it seems, just can’t win when it comes to openness

Apple confirms iOS kernel code left unencrypted intentionally (TechCrunch) When Apple released a preview version of iOS 10 at its annual developers conference last week, the company slipped in a surprise for security researchers — it left the core of its operating system, the kernel, unencrypted

The Core Capabilities of Cognitive Systems (IBM Security Intelligence) The technologies behind cognitive systems have matured greatly in recent years, which has expanded the number and types of applications for the technology. One such initiative involves applying cognitive computing to cybersecurity

Research and Development

How much havoc is caused by unwanted radio signals? FCC tries to find out (Ars Technica) Radio noise floor is likely rising, but we don't know how much


Secure Your Future (Cybersecurity Education) Browse hundreds of programs and schools for cyber security

NSA Designates UTEP as a National Center of Academic Excellence (CAE) in Cyber Operations (KRWG) The University of Texas at El Paso recently earned recognition as a National Center of Academic Excellence (CAE) in Cyber Operations. The designation from the National Security Agency is for academic years 2016–21

Wittenberg, ATIC partner on cybersecurity effort (Dayton Business Journal) Wittenberg University is working with the Advanced Technical Intelligence Center in a bid to strengthen its cyber security programs

Verizon officials dig into cybersecurity challenges facing colleges (EdScoop) Higher education institutions can secure their data and networks without compromising a community of openness, Verizon officials said

Legislation, Policy, and Regulation

What People are Saying on Twitter about Brexit (Expert System) Analysis of 55,000 Tweets by Expert System and the University of Aberdeen reveal the main topics and trends around “Brexit”

When will we know the result of the Brexit vote? (MarketWatch) Financial markets are on a knife’s edge ahead of Thursday’s Brexit referendum, but investors will have to wait longer than usual to get the result of the vote

Opinion: How to craft a meaningful cyberarms pact (Christian Science Monitor Passcode) US diplomats are trying to revise how a global arms pact known as the Wassenaar Agreement applies to digital weapons. Despite misgivings from the tech sector, there’s an opportunity for Washington to help forge a deal that keeps hacking tools out of the wrong hands

Think tanks mull Geneva Convention for cybercrime (IDG via CSO) One way to protect critical national infrastructure from cyberwar is to promise not to attack it, policy wonks say

US Still Has No Definition for Cyber Act of War ( Pentagon leaders are still working to determine when, exactly, a cyber-attack against the U.S. would constitute an act of war, and when, exactly, the Defense Department would respond to a cyber-attack on civilian infrastructure, a senior Defense Department official told lawmakers on Wednesday

The US Military Can’t Train To Fend Off the Worst Cyber Attacks on Infrastructure — Yet (Defense One) Digital wargames that ‘truly represent a realistic and relevant threat’ are coming in 2019

Are China's hackers shying away from US targets? (Christian Science Monitor Passcode) A report indicates that Chinese cyberattacks on US companies are declining. But other experts say hackers are simply changing tack

Senate blocks access to online data without warrant (AP via Yahoo! Tech) The Senate on Wednesday blocked an expansion of the government's power to investigate suspected terrorists, a victory for civil libertarians and privacy advocates emboldened after a National Security Agency contractor's revelations forced changes in how the communications of Americans are monitored

Google, privacy groups urge Congress not to expand federal hacking power (Christian Science Monitor Passcode) A change to federal criminal procedure would allow judges to approve searches on computers outside their jurisdiction, a move that could have vast 'unintended consequences' for innocent people, civil liberties groups say

As FBI surveillance takes center stage, Senator Wyden warns against eroding civil liberties (Christian Science Monitor Passcode) After the Senate beat back a proposal to expand FBI surveillance powers in the wake of the Orlando shooting, the Oregon Democrat told Passcode 'the public is picking up that you don’t fight terror by eroding our freedoms for policies that don’t leave them safer'

Pakistan’s ‘University of Jihad’ is getting millions of dollars from the government (Washington Post) After terrorists killed more than 100 Pakistani school children 18 months ago, the country’s leaders vowed to crack down on religious seminaries that are recruiting grounds for domestic and international Islamist militant groups

Litigation, Investigation, and Law Enforcement

Emails: State Dept. scrambled on trouble on Clinton's server (AP) State Department staffers wrestled for weeks in December 2010 over a serious technical problem that affected emails from then-Secretary Hillary Clinton's home email server, causing them to temporarily disable security features on the government's own systems, according to emails released Wednesday

Can cops use phone left at scene of crime to call 911 to find its owner? (Ars Technica) Lawyer says court must suppress search that resulted in link to kidnapping case

Mobile advertiser tracked users' locations, without their consent, FTC alleges (IDG via CSO) InMobi has agreed to pay $950,000 as part of a penalty

New Zealander Gets Prison Time for Sending Militant Videos (AP via ABC News) A New Zealand man was sentenced Thursday to more than three years in prison for distributing Islamic militant videos in the first case of its type in the South Pacific nation

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception,...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.