More signal. Less noise.

Daily briefing.

As we expected, the UK voted yesterday to exit the European Union, a vote that not only means Prime Minister Cameron’s government will be out by October at the latest, but that will have far-reaching policy and market implications for cyber security as well.

GhostSquad hacktivists, hitherto largely associated with Anonymous operations against governments and banks, offer ISIS support by releasing a database containing personal data of US military personnel. The release comes as US Cyber Command takes an increasingly active combat support role in operations against ISIS. (Some observers recommend that anti-ISIS cyber ops, and information operations against the self-proclaimed Caliphate, be specific, granular, and tightly crafted for targets and audiences.)

Motherboard and others give Guccifer 2.0’s communications a good close reading. Consensus is forming that the lone hacker story about the DNC compromise doesn’t really hold water. Signs still point to Moscow. A former DNC researcher thinks Fancy Bear and Cozy Bear don’t know much about opposition research—he would make “Lazy Bear” the third bear in this story.

Neutrino is serving CryptXXX to visitors of anime site jkanime. The campaign mostly affects users in Latin America, particularly Mexico. Ransomware remains the most worrisome form of cybercrime affecting enterprises.

But older threats persist, too. LizardSquad (“cyber-yobs,” as Naked Security calls the skids) may have subjected another gaming site to a DDoS attack. The venerable Conficker wad of worms remains the number-one malware family. The Necurs botnet (used to spread Dridex and Locky) is back after a three-week hiatus.


Today's issue includes events affecting Bangladesh, Belgium, Denmark, European Union, Finland, France, Germany, Greece, India, Iraq, Israel, Mexico, Norway, Spain, Sweden, Syria, Russia, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Accenture's Malek Ben Salem on software defined security. Our guest, Bastille Networks' Matt Knight, whom we heard at Jailbreak, will pick up an important IoT issue by explaining the implications of low-power wide area networks. We'll also hear from Daniel Mayer, CEO of Expert System. Expert System's social media research, conducted with the University of Aberdeen, predicted the Brexit vote accurately. (The prediction markets generally had it wrong.) Join us and hear how they did it.

(And as always, please, if you feel so inclined, consider giving us an iTunes review.)

Cyber Security Summit (Washington, DC, USA, June 30, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the NSA, FBI and more. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Connected cars are on the roads, and autonomous vehicles are coming. Connect with industry experts at the first summit devoted to this emerging, life-changing technology. Register here and use code CyberWire2016 for a 20% discount off the corporate rate.

Dateline Cyber 7.0

Cyber 7.0: Critical Infrastructure and the Internet-of-Things (The CyberWire) Cyber 7.0 met on Wednesday, June 22, in Laurel, Maryland. The conference focused on critical infrastructure and the Internet-of-things. After welcoming remarks from Howard County Chamber of Commerce CEO Leonardo McClarty, Senator Ben Cardin (D-Maryland) delivered a short keynote address

Cyber Attacks, Threats, and Vulnerabilities

Hackers Just Leaked Personal Data of US Military Officials and it’s Legit (HackRead) Shortread: hackers have leaked personal data of US military officials and according to experts, it’s legit and never been leaked online before

Why Russian hackers, not a lone wolf, were likely behind the DNC breach (CSO) A lone hacker named Guccifer 2.0 has tried to take credit

Why Does DNC Hacker 'Guccifer 2.0' Talk Like This? (Motherboard) A week after a hacker going by the name of ‘Guccifer 2.0’ claimed responsibility for the hack on the Democratic National Committee, the mysterious individual spoke publicly for the first time. Guccifer 2.0 called himself a “hacker, manager, philosopher, women lover.” And of course, someone who likes Gucci

Commentary: What the hackers who attacked the DNC don't get about 'oppo research' (Chicago Tribune) Last week, The Washington Post broke the news that for the better part of the past year, Russian hackers have been in and out of the Democratic National Committee's computer servers, targeting the opposition research that the party has developed to use against presumptive Republican presidential nominee Donald Trump

Guccifer 2.0 hack reveals DNC collaboration with foreign billionaire to ‘alter the electorate’ (American Thinker) The Democratic Party is collaborating with a foreign billionaire who has repeatedly violated our laws by illegally contributing to elections here, in a project to achieve its progressive agenda by “altering the electorate,” according to an authentic-looking document leaked by a hacker of the DNC computers who uses the name Guccifer 2.0

Has the Lizard Squad returned to ruin your day again? (Naked Security) It seems that those annoying cyberyobs that call themselves the Lizard Squad might have struck again. Sigh! It looks like they’ve run a DDoS (Distributed Denial of Service) attack against Blizzard’s servers, stopping players of the popular Overwatch game from – well – playing

GozNym Trojan turns its sight on business accounts at major US banks (CSO) The malware redirects victims to perfect replicas of online banking websites

Popular Anime Site Infected, Redirecting to Exploit Kit, Ransomware (Threatpost) An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page

The number of corporate users hit by crypto ransomware is skyrocketing (IDG via CSO) File-encrypting ransomware programs are on the rise and companies are increasingly their targets

Hackers Make Off with Millions of Air India Frequent Flier Miles (Infosecurity Magazine) An orchestrated hacking campaign is targeting members of Air India's frequent-flyer program, so far pilfering $23,745 worth of travel miles

Large Botnet Comes Back To Life -- With More Malware (Dark Reading) The Necurs botnet associated with Dridex and Locky is back after three-week hiatus

Conficker tops ranking of most common malware family (SC Magazine) Conficker maintains its rank as the most common malware family, according to Check Point’s May 2016 Threat Index

DNS Security Too Often Ignored (IT Business Edge) This week, Apple released a crucial security patch for its AirPort routers. As PC World noted: … the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution. I don’t write much about DNS security, and maybe I should. A couple of recent studies show how vital it is and how much a DNS-related security incident can cost you

How MDM software exposes your personal data (Help Net Security) Bitglass tracked the personal mobile devices of several willing employee volunteers with mobile device management (MDM) software to understand how MDM could be misused and to assess the true extent of access employers have to personal data and user behavior

Your nearest and dearest are snooping on your phone (Help Net Security) If you needed one more reason for protecting your phone with a passcode or fingerprint, here it is: there’s a good chance that one or more of the people close to you have snooped on it in the last year

Exfiltrating data from air-gapped computers by modulating fan speed (Help Net Security) For the last few years, researchers from Ben-Gurion University of the Negev have been testing up new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies (“AirHopper”); using heat (“BitWhisper”), using rogue software (“GSMem”) that modulates and transmits electromagnetic signals at cellular frequencies

What Is SQL Injection and How Can It Hurt You? (eSecurity Planet) Using SQL injection hackers can wreak havoc on databases and data-driven applications. Fortunately there are ways to reduce SQL injection risk

Security Patches, Mitigations, and Software Updates

Tor coders harden the onion against surveillance (Naked Security) A nonet of security researchers are on the warpath to protect the Tor Browser from interfering busybodies

Meinberg Clears NTP Time Server Issues (Industrial Safety and Security Source) Meinberg created a new Version 6.20.004 to mitigate a stack buffer overflow vulnerability and a privilege escalation vulnerability in its NTP Time Servers Interface, according to a report on ICS-CERT

Cyber Trends

'Smart' Building Industry Mulls Cybersecurity Challenges (Dark Reading) New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week


Brexit: Bank of England won't hesitate to take additional measures after Brexit (International Business Times) The Bank of England (BoE) will not hesitate to take additional measures to ensure markets are able to cope with the outcome of the European Union referendum vote

World stocks routed as Britain votes for EU exit (Reuters) World stocks saw more than $2 trillion wiped off their value on Friday as Britain's vote to leave the European Union triggered 5-10 percent falls across Europe's biggest bourses and a record plunge for sterling

Updated: How will Brexit affect the cyber-security industry in UK and Europe? (SC Magazine) With the 52 percent to 48 percent vote in favour of Britain leaving the European Union today, what are the implications for information security and assurance, the fight against cyber-crime and the development of the cyber-security tech industry in the UK?

How will Brexit affect cybersecurity in the UK? What the experts are saying about leaving the EU (International Business Times) The result of the U.K.’s Brexit referendum defied gambling firms, which placed a 90 percent chance on the nation remaining in the European Union as the campaign drew to a close. It might just be one of the occasions where an outsider wins, Ladbrokes Plc said

Forecasting the Implications for Cybersecurity in Britain After Thursday's Referendum (Digital Shadows) On Thursday, the United Kingdom goes to the polls to vote on one of the most important and contentious referendums Britain has ever seen. No matter what the result is, to remain or leave the European Union, when we wake up on Friday morning there could be a host of changes to the business, economic, social, and political landscape in which we live and work

U.K. backs Brexit. Here's how it could impact you. (Washington Business Journal) The United Kingdom voted Thursday to leave the European Union. It was a stunning decision

How Did the Bookies Get It So Wrong: Ladbrokes Tries to Explain (Bloomberg) The result of the U.K.’s Brexit referendum defied gambling firms, which placed a 90 percent chance on the nation remaining in the European Union as the campaign drew to a close. It might just be one of the occasions where an outsider wins, Ladbrokes Plc said

Bitcoin surges past $650 as Brexit result sends UK Pound tumbling to 30-year low (TechCrunch) The global finance markets are slipping on Friday after the UK public voted to leave the EU, but there is one currency that is reveling in the uncertainty of the Brexit result: bitcoin

Official: Feedback on DHS Silicon Valley Experiment Has Been Positive (Nextgov) A federal effort to absorb technology from startups appears to be going well, a Homeland Security Department official says

Everyone’s Waiting for the Next Cybersecurity IPO (Fortune) Champion sailors have been known to learn their craft on Lake Travis, just outside Austin. The hills and topography surrounding the body of water whip up challenging winds, making it a sublime place for budding athletes to refine their tacking and jibbing skills ahead of a lifetime of competition

Top 100: Raytheon weaves cyber into tight knit portfolio (Washington Technology) Raytheon has been laser-focused over the past 18 months on its cybersecurity business in an attempt to broaden and deepen its ability to help customers secure their domains. Simply put, cyber is an area where Raytheon is trying to pull ahead of the competition

BAE Systems to support INSCOM under $75M contract (Washington Technology) BAE Systems has won a $75 million contract to provide geospatial intelligence technical and analytical support to the U.S. Army Intelligence and Security Command (INSCOM)

Cyber Heist Probe: Bangladesh May End Contract With FireEye (Dark Reading) Bangladesh Bank reportedly cites high cost as reason for possible termination of agreement

1 Analyst Thinks Palo Alto Networks Is Worth $215 -- Is He Right? (Motley Fool) Yet another tech investment analyst is enamored with the upstart data security provider, but why?

Symantec (SYMC) Stock Up over 20% Recently: Here's Why (Nasdaq) Shares of Symantec Corporation soared significantly over the last 10 days. The main reason behind this could be its recent agreement to acquire Blue Coat, Inc., a leading web security solution provider, from private equity firm Bain Capital

Quick Heal acquires Junco Technologies, launches cyber security consulting (Medianama) Security apps and software firm Quick Heal entered the cyber security consulting space by acquiring Junco Technologies, an information security, cyber intelligence and IT consulting firm. Rohit Srivastwa, the founder of Junco Technologies will join Quickheal and lead its newly formed Seqrite Services cyber security consulting division. The amount paid for the acquisition has not been disclosed

New Study Finds Cybersecurity Employment is on the Rise in San Diego (BusinessWire) A Cyber Center of Excellence commissioned economic impact analysis and workforce study has found a 14.7 percent increase in cybersecurity related jobs in just two years

San Diego's Cybersecurity Industry (Cyber Center of Excellence) The San Diego region is ideally positioned to capitalize on the ever-growing global demand for cybersecurity products and services

Products, Services, and Solutions

AWS, Microsoft cloud win US government security approval (CSO) Three vendors are authorized to handle highly sensitive government data

Launch of CyberWISER Light: Helping European Firms get smart about Cyber Security (CyberWISER) WISER announces the launch of its new, free tool for European SMEs: CyberWISER Light

Next-gen, signatureless, and Cylance (Sophos) Last week I watched a presentation from our SVP and GM of the Enduser Security Group, Dan Schiappa. Now, those of you who know Dan know he is truly passionate about security – and as the former head of Windows security for Microsoft and a Division GM at RSA, he knows a thing or two about the topic

Technologies, Techniques, and Standards

MoD searches for hidden cyber security skills (Public Technology) The Ministry of Defence has launched a test to identify armed forces personnel with skills for cyber security work

Privacy, risk and trolls: Dealing with the security challenges of YouTube fame (CSO) It seems a new YouTube star is born every day lately with thousands now making money and pursuing full-time careers in online video. But the popularity that comes with millions of viewers is not without its privacy challenges

Design and Innovation

Internet Of Things & The Platform Of Parenthood (Dark Reading) A new father's musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up

Facebook’s Research Ethics Board Needs to Stay Far Away from Facebook (Wired) Chances are, you're on Facebook right now. About 1.7 billion people—almost a quarter of the world’s population—actively use the social media platform. And though it’s free, Facebook isn’t charity. It has a product, and that product is you and me. The company cleared a tidy $5.2 billion from user-directed ads in the first quarter of 2016 alone

Research and Development

A new algorithm could predict Islamic State attacks (Stars and Stripes) It was September 2014, and machine gun and artillery fire had erupted in small villages just west of Kobani, Syria. The Islamic State had started a siege on the border town, strategically entering through nearby villages. That same week, researchers at the University of Miami who were tracking online extremist groups saw a flurry in activity

Legislation, Policy, and Regulation

Brexit: David Cameron to quit after UK votes to leave EU (BBC) Prime Minister David Cameron is to step down by October after the UK voted to leave the European Union

EU referendum live: Boris Johnson hails 'glorious opportunity' of Brexit as David Cameron resigns (Telegraph) David Cameron has resigned as Prime Minister after Britain voted to leave the European Union

Brexit: Europe stunned by UK Leave vote (BBC) A wave of shock is reverberating around Europe as countries across the EU and beyond digest the decision by UK voters to leave the European Union

How will Brexit result affect France, Germany and the rest of Europe? (Financial Times) Britain’s decision to leave the EU changes the facts of life in Europe, increasing the challenges faced by the governments of France, Germany, the Netherlands and elsewhere in the continent — notably in the Nordic countries

What the actual hell, Britain? (TechCrunch) As I’m writing this, it looks as if Britain has voted to leave the EU

The Long Road to Brexit (Foreign Policy) Markets are stunned. Commenters are shocked. But future historians may view this moment as inevitable

Win or Lose, the Brexit Vote Shows How Hard It Is to Defend the EU (Foreign Policy) Even the “remain” camp couldn’t muster an argument in defense of Brussels-style democracy

Microsoft proposes international code of conduct for cyberspace (Christian Science Monitor Passcode) The tech giant has suggested a set of rules that include proactive security disclosures and establishing global regimes to stop the spread of digital weapons

Cyber teams' first live campaign: fighting ISIS (Federal Times) While Congress considers elevating U.S. Cyber Command to a combatant command, the military’s nascent cyber teams are getting their first taste of combat in the fifth domain, conducting both offensive and defensive maneuvers in the fight against the Islamic State group

Cyber Command getting closer to full deployment (Defense Systems) The U.S. Cyber Command’s goal of setting up 133 cyber mission force teams to serve as a global force to conduct cyberspace operations in support of a three-pronged mission set is nearing its completion

Getting Personal in the War vs. Islamic State (Voice of America) The U.S. is being urged to take a more sensitive and personalized approach to fighting the Islamic State terror group if it wants to replicate some of the success it has had on the physical battlefield in cyberspace

Army Updates Cyber Electromagnetic Activities Regulation (Military Spot) In response to the emerging concept of cyber electromagnetic activities, or CEMA, the Army has updated, renamed and published Army Regulation 525-15

DOJ Insists That Rule 41 Change Is Not Important, Nothing To See Here, Move On Annoying Privacy Activist People (TechDirt) We've been talking a lot about Rule 41 lately around here. As we've discussed, the DOJ had pushed for an update to the rule, basically granting the FBI much greater powers to hack into lots of computers, including those abroad (possibly creating diplomatic issues). We've been discussing the problems with the DOJ's proposed change for years, and we haven't been alone. Civil liberties groups and tech companies have both blasted the plans, but to no avail

Ethical hacking at the DoD draws interest from HHS (Federal Times) The Department of Defense’s recent "Hack the Pentagon” bounty program was such a hit that the Department of Health and Human Services is starting to take a look at it

Litigation, Investigation, and Law Enforcement

Clinton’s private e-mail was blocked by spam filters—so State IT turned them off (Ars Technica) Security measures were disabled because Clinton's e-mails were "going to spam"

Clinton failed to hand over key email to State Department (Fox News) Former Secretary Hillary Clinton failed to turn over a copy of a key message involving problems caused by her use of a private homebrew email server, the State Department confirmed Thursday. The disclosure makes it unclear what other work-related emails may have been deleted by the presumptive Democratic presidential nominee

Crook who left his phone at the scene has “no reasonable expectation of privacy” (Ars Technica) Judge says it's OK that a phone found at a burglary leads to kidnapping evidence

US court rules that FBI can hack into a computer without a warrant (CSO) The case involves the FBI arresting a child pornography suspect

Prosecutors call wannabe Islamic State fighter a flight risk (Washington Post) An 18-year-old Indiana man accused of trying to travel overseas to join the Islamic State militant group should remain held until trial because he’s a flight risk and poses a potential threat to the public, federal prosecutors argued in a court filing

SEC Sues UK Man For Hacking US Investors' Accounts (Dark Reading) SEC files case in US court, alleges offender cost victims $289,000 through illegal trades

PhishMe® Initiates Intellectual Property Enforcement Action Against Wombat Security Technologies®, Inc. (BusinessWire) PhishMe® Inc., the leading provider of phishing threat management solutions, announced that it has filed suit against Wombat Security Technologies®, Inc. (“Wombat”) in the United States District Court for the District of Delaware for infringing PhishMe’s U.S. Patent No. 9,356,948. A copy of the complaint, filed on June 1, 2016, can be found here

Let's Encrypt and Comodo in Trademark Tussle (Graham Cluley) The non-profit Let's Encrypt project, set up to help more websites switch on HTTPS for free, has found itself in a kerfuffle with Comodo, one of the largest commercial vendors of website certificates

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception,...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.” SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration...

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA, July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...
