skip navigation

More signal. Less noise.

Recorded Future

Get threat intelligence on hackers and vulnerabilities FREE every day with the Recorded Future Cyber Daily. Sign up today.

Daily briefing.

As the US and South Korea conduct joint military exercises and shore up collaborative defenses against cyber threats, the Republic of Korea's National Intelligence Service accuses North Korea of a systematic campaign of hacking senior South Korean officials' smartphones. The objectives seem to be those of conventional espionage, but the incidents come at a difficult time of heightened sensitivity to Pyongyang's nuclear capabilities and aspirations.

ESET reports a new and unusually sophisticated form of Android malware. Spy[.]Agent[.]SI, currently most active against banking targets in Turkey, New Zealand, and Australia, locks an Android device's screen until the user enters the passcode. Spy[.]Agent[.]SI is being used to compromise two-factor authentication, and masquerades as a version of Adobe Flash Player.

The post-mortem on KeRanger continues. Apple clapped a stopper over it relatively quickly after being tipped off by Palo Alto, and it's thought that only some 7000 devices were affected. Observers see KeRanger, however, as confirmation of the increasingly important role ransomware is playing in the criminal economy.

Other, familiar, ransomware is found infesting restaurant review service Burrp. Visitors are directed to the Angler exploit kit, which in turn serves up a helping of TeslaCrypt.

In patch news, Google issues a security fix for Android Mediaserver.

Industry analysts take a look at the US cyber war against ISIS. Some of them see in the Pentagon's plans a $7 billion "windfall" for cyber security companies and the big integrators with whom they work.

In the UK, GCHQ glumly considers that return on its own substantial cyber investment has been disappointing.


Today's issue includes events affecting Australia, Brazil, China, Iran, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Russia, Syria, Turkey, United Kingdom, United States, and Venezuela.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Dateline RSA 2016

RSA wrapup: Private sector feels burned by feds (Fedscoop) Criticism of the feds’ efforts to force Apple to hack its own encryption dominated chatter at last week’s RSA Conference but seems to be the tip of an iceberg of discontent: The private sector is running out of patience with the U.S. government’s poor understanding and bungled efforts in cybersecurity. Every panel that featured a government representative — even one not affiliated …

Live from RSA – Endpoint security is dead, long live endpoint security (Naked Security) Here’s the latest episode of our award-winning security podcast – enjoy!

RSA 2016 – Highlighting Articles and Talks from this Year’s Conference (IT Pro) Last week the annual RSA Conference for 2016 was held in San Francisco and as always it presented experts and leaders in the fields of security, cryptography and privacy

My reflections after visiting RSA Conference 2016 (Help Net Security) RSA Conference has long been the place where security vendors announce new products and services, and industry trends are made. I was told by Centrify

Surprising tips from a super-hacker (CSO Online) Virtually everyone in technology knows about Kevin Mitnick, the one-time fugitive hacker who is now a security consultant. Mitnick has a wealth of security advice for the public.

Prevoty Recognized for Innovation in Application Security at RSA 2016 (BusinessWire) Prevoty, Inc., a leader in runtime application security visibility and protection, continues to show impressive momentum demonstrated by growing indus

Cyber Attacks, Threats, and Vulnerabilities

South Korea Accuses North of Hacking Senior Officials’ Phones (NYTimes) Seoul’s spy agency says that Pyongyang has stolen text messages, contact information and voice conversations, possibly in retaliation for new sanctions.

Sophisticated banking malware targets Android users (The Christian Science Monitor) Researchers have discovered malicious software targeting online banking customers that use Android smartphones and tablets, the latest indication of a surge in attacks against the platform.

OS X ransomware found bundled with legitimate software (Help Net Security) Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. The malware, dubbed KeRanger, has been found on Friday

KeRanger: First Mac OS X ransomware emerges (Symantec Security Response) Compromised BitTorrent installer used to spread ransomware that encrypts files on Mac OS X computers.

The malware that upset Apple's cart (International Business Times, India Edition) With the OSX ransomware KeRanger making Mac users nervous, here's a brief history of malware that have infected Apple computers.

The OS X ransomware likely infected less than 7,000 systems (Mashable) That's not too bad...if one of those infected systems isn't yours.

Ransomware arrives on the Mac: OSX/KeRanger-A – what you need to know (Naked Security) It’s happened: there’s now ransomware for the Mac, and it’s called “OSX/KeRanger-A”.

Apple’s Mac computer's hit with ransomware, here is how to get rid of it (TechWorm) How to Remove KeRanger Ransomware from Your Mac Since yesterday, Apple Mac users have been hit by a first ever fully functional ransomware called

Burrp compromised to serve Angler EK and deliver TeslaCrypt ransomware (Symantec Security Response) An Indian restaurant recommendation site contains injected code which redirects users to the Angler EK, which in turn drops TeslaCrypt (Trojan.Cryptolocker.N) on the computer.

The Nuts & Bolts of Ransomware in 2016 (TitanHQ) What you need to know about ransomware. What is a ransomware attack? How do the latest Ransomware attacks of CryptoWall, CryptoLocker, Popcorn Time, WannaCry and Not Petya operate?

Brazilian Coders Are Pioneering Cross-OS Malware Using JAR Files (softpedia) Currently only a malware dropper, but Kaspersky expects to see fully working banking trojans in the near future

RSAC16: Microsoft’s Windows PowerShell fully weaponised, security expert warns ( Security expert Ed Skoudis says the PowerShell Empire open-source security tool is as much use to attackers as it is to defenders.

Popular WordPress plugin opens backdoor, steals user credentials (Help Net Security) If you are one of the 10,000+ users of the Custom Content Type Manager (CCTM) WordPress plugin, consider your site to be compromised and proceed to clean

Beware spear phishers trying to hijack your website (WeLiveSecurity) If you fail to take proper care, it would be all too easy to type your password into an eNom phishing site and hand control of your website over to a online criminal gang.

Hack a mobile phone's fingerprint sensor in 15 minutes (Help Net Security) Two researchers from Michigan State University's biometrics group have devised a method for hacking mobile phone's fingerprint authentication by using

Is it REALLY this simple to bypass the iPhone and iPad lockscreen? (Graham Cluley) Researchers claim multiple iOS 9 vulnerabilities allow attackers to bypass Apple device's built-in passcode security - but some are skeptical

Abuse runs rampant on new generic top level domains (CSO Online) Generic top-level domains (TLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones.

How one man could have broken into any Facebook account (Naked Security) Do you let security slip behind on your test servers because, hey, they’re not the real thing? That just happened to Facebook…

Report: Thousands of contractor emails found on Dark Web (FierceGovernmentIT) A recent study from ID Agent found thousands of federal contractor emails located on the Dark Web, demonstrating a security fault line than in some cases covered over a third of a contractor's email accounts

Password sharing habits prioritize convenience over security (Help Net Security) A new survey by LastPass on the password sharing habits of UK consumers reveals they favour convenience over security when it comes to sharing passwords.

Cyber attack on cancer chain affects 2.2 million (Health Data Management) FBI believes information was accessed from 21st Century Oncology’s database.

Clark County water district hit with cyber-attack (LASVEGASNOW) The Clark County Water Reclamation District has been hit with a cyber-attack but officials say operations haven't been disrupted and no customer or employee information was hacked.

Someone is Rickrolling people using fake parking tickets (Naked Security) Citizens of Asheville, NC have been afflicted with the 1980s.

Recovering from a Cyber-Attack (Consortiumnews) From Editor Robert Parry: Last week, we were told by IT experts that Consortiumnews was the apparent victim of a sophisticated “denial of service” attack that destroyed the site's functionality by imposing so many commands on the system that it blocked us from updating content or restoring the site

Security Patches, Mitigations, and Software Updates

Google Fixes Critical Mediaserver Bug, Again (Threatpost) Google has patched two critical Android vulnerability in Mediaserver that allowed remote execution of code.

Security Advisories-CVE-2016-2774: An attacker who is allowed to connect to DHCP inter-server communications and control channels can exhaust server resources (ISC Knowledge Base) In many cases, the ISC DHCP server does not effectively limit the number of simultaneous open TCP connections to the ports the server uses for inter-process communications and control. Because of this, a malicious party could interfere with server operation by opening (and never closing) a large number of TCP connections to the server

How new encryption standard could leave poor Web users exposed (The Christian Science Monitor) Even though an online encryption standard adopted Jan. 1 is meant to make the Web safer, Mozilla and Symantec opted to make an exception to the protocol so that people whose devices can't support the upgrade aren't put at risk.

Cyber Trends

More Organizations to Deploy Encryption for Cyber Risks, Privacy Compliance, and Cloud (Legaltech News) More global organizations are adopting encryption citing major security and compliance concerns

Brace for Breaches: Report Finds Cyberthreats to Legal Industry to Grow in 2016 (Legaltech News) The surge in ransomware and spear phishing attacks in 2015 will continue this year with a focus on the legal industry's sensitive data according to a report by TruShield

Inadvertent Disclosure is Legal Organizations' Most Feared Cloud App Risk: Survey (Legaltech News) The Consilio survey found many do not have a firm handle on 'shadow IT' which can cause inadvertent disclosure.

Kaspersky: A “Golden Age of Cybersecurity” is on the Horizon (Channel Futures) We may be living in the "Dark Ages of Cybersecurity," but Eugene Kaspersky believes a golden age is inevitable.


Getting your CEO fired (CSO Online) We will explore the issues of reputational damage, incident cost, stock price impact, and increased regulatory attention. We will also discuss the fate of four CEOs who have faced cybersecurity breaches in the past three years.

Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon's Cyberwar On ISIS (International Business Times) When military personnel press the red button, they could be launching malicious software against enemies of the U.S. built by familiar names.

Pentagon releases RFP for ENCORE III IT services contracts (FierceGovernmentIT) The Pentagon posted a final request for proposals last week for its ENCORE III project focused on guiding IT processes throughout the department into the future. The $17.5 billion contract will provide defense agencies with IT capabilities over the next five years

Australian cyber security firms merge in $40m deal (Financial Review) Privately owned Australian cyber security company Secure Logic has acquired fellow local firm Computer Room Solutions in a deal understood to be worth just under $40 million.

IBM a Leader Again in the 2018 Magic Quadrant for Identity Governance and Administration (IGA) (Security Intelligence) IBM was recently named a Leader, again, in Gartner's 2018 Magic Quadrant for Identity Governance and Administration (IGA).

Understanding Resilient Systems: IBM’s Latest Acquisition in the Security Space (Market Realist) IBM’s burgeoning acquisition portfolio

The Truth Behind IBM’s X-Force Incident Response Services (Market Realist) IBM’s X-Force Incident Response Services

Cisco Security Exec: Vendors Like Palo Alto, FireEye Are Selling 'Legacy Technology' (CRN) Cisco plans to transform the security marketplace with a holistic approach, saying competitors can no longer effectively compete with the networking leader.

Cyphort Takes Home Excellence Award for Best Enterprise Security Solution at SC Awards 2016 (BusinessWire) Cyphort wins SC Magazine Excellence Award for Best Enterprise Security Solution at SC Awards 2016, and also recognized on CRN’s Security 100 List.

iovation Service Named Best Multi-Factor Authentication Solution (Marketwire) iovation, the provider of device intelligence for authentication and fraud prevention, has received the "Editor's Choice for Multi-Factor Authentication Solutions" in Cyber Defense Magazine's 2016 InfoSec Awards. A panel of independent information security experts selected iovation's Customer Authentication service, which verifies a user's...

Spies Sans Frontières? (IRIN) A months-long investigation by IRIN into the secretive intelligence-linked firm Palantir reveals a bargain-basement contract with a sensitive UN agency.

Partners call on Cisco for more security marketing (Channelnomics) Solution providers discuss today's security landscape,Solution Provider,Security,Vendor ,vendor,Cisco,Solution provider,Cyber security,Dimension Data

CFIUS Report Highlights Cybersecurity Scrutiny of Tech Companies (Legaltech News) Chinese acquirers lead in CFIUS submissions while U.S. gov focuses on control of overseas U.S. tech companies.

Hacking the Pentagon could earn you some cash (CNET) A pilot program aims to help the US Defense Department beef up its networks by finding any vulnerabilities that could be exploited.

Microsoft inaugurates a new Cybersecurity Center in Korea (TWCN Tech News) Microsoft launched a Cybersecurity center in Korea.It will serve as a hub for sharing and collaborating on security technology.

CrowdStrike Expands International Presence to Meet Growing Customer Demand (BusinessWire) CrowdStrike Inc., the leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced the la

Maryland: A National Hub for Cybersecurity (LinkedIn) Cyber firms in the MD-DC market are expected to raise more than $1 billion in venture funding this year. In 2015, Maryland firms made headlines with

Products, Services, and Solutions

RSA 2016: Misconceptions and Myths Surrounding Threat Data and Threat Intelligence (Cyveillance) Last week was the annual RSA security conference in San Francisco, CA – one of the industry’s largest IT security events

Fortinet unveils its Cyber Threat Assessment Program (ARN) Cyber-security solutions company, Fortinet, has launched the free of charge Cyber Threat Assessment Program (CTAP).

BorgBackup: Deduplication with compression and authenticated encryption (Help Net Security) BorgBackup is a deduplicating backup program that supports compression and authenticated encryption. The main goal of BorgBackup is to provide an

Kaspersky expands enterprise offerings, adds partner services to security lineup (Channelnomics) Vendor announces new offerings at annual partner summit,Security ,security,Kaspersky lab,Partner programs,Cyber security

Next-Generation Malware Analysis Sandbox Now Available (Business Solutions) ThreatAnalyzer 6.0 provides advanced discovery and response for malware that evades detection

Here are the best Antivirus programs that you should have in your system (TechWorm) According to AV-Comparatives, here are the two best overall computer antivirus programs that should be running in your system

Technologies, Techniques, and Standards

What is Data Isolation & Why Does it Matter? (Information Security Buzz) Nearly one million new malware threats were released every day in 2014, with no signs of slowing down, according to Symantec’s Internet Security Threat Report. Malware, worms and other viruses can spread through a company’s network like wildfire. Getting your system and network back up and running only scratches the surface of expenses. Malware can …

Cybersecurity: What Elected and Appointed Officials Need to Know (Government Technology) A new survey notes that while data breach incidents continue to soar, 80 percent of government officials and their staff don't know if their state has a cyber emergency incident plan in place.

5 Ways to Fix the Biggest Cybersecurity Issues Law Firms Face (Legaltech News) How do you protect your law firm from a seemingly indefensible threat?

Companies Need to Remember Regulatory, Legal Requirements When Addressing IoT (Legaltech News) The AT&T report reminds companies that regulatory and legal requirements should remain an Internet of Things concern.

The Stupidly Simple Spy Messages No Computer Could Decode (The Daily Beast) Every day, hour after hour, the world’s spies send top secret information you can easily listen in on.

Design and Innovation

The US Air Force now has two fully operational cyberspace weapon systems (ZDNet) New system aims to track and engage advanced persistent threats.

Linked to bullying and even murder, can anonymous apps like Kik ever be safe? (the Guardian) Questions over whether the benefits of anonymous apps - such as giving children a space to explore sensitive issues - can outweigh the risks they pose


How MIT & Cambridge University Students Pooled Their Brainpower for Cybersecurity (BostInno) Last year, President Barack Obama and British Prime Minister David Cameron announced that MIT and Cambridge University in the U.K. would be joining forces for the good of global cybersecurity

Legislation, Policy, and Regulation

GCHQ admits £1bn spend on cyber security 'hasn't worked' (Computing) We've spent quite a lot of money, but still failed, admits CESG director Dewedney,Security ,GCHQ,Cyber security

The long road ahead: Obama’s cybersecurity action is a step toward change (TechCrunch) President Obama’s recent announcement of the creation of the Cybersecurity National Action Plan (CNAP) made waves across government and tech audiences, as it proposed a $19 billion budget to bulk up cybersecurity across the U.S. government and the private sector. While the announcement seemed abrup…

Reminder: You Should Care About Mass Surveillance, Even if You’ve Done Nothing Wrong (Just Security) This post is the latest installment of our “Monday Reflections” feature, in which a different Just Security editor examines the big stories

Former NSA Director: An Apple Encryption Backdoor Would Endanger National Security (Fusion) Michael Hayden, former NSA and CIA director, said the FBI’s request could lead to exploitation by foreign powers.

Remarks of Assistant Secretary Strickling at ICANN/GAC High Level Governmental Meeting (National Telecommunications and Information Administration) I am pleased to be here today at the third GAC High Level Governmental Meeting. I would like to thank the government of Morocco for the invitation and Minister Elalamy for the hospitality and generosity he has shown all of us

FTC reports big jump in identity theft; may bring heavy regulation on data security (C4ISR & Networks) The Defense Department recently issued a military-wide cybersecurity discipline implementation plan, a document that aims to hold leaders accountable for cybersecurity up and down the chain of command and report progress and setbacks

FAA Working on New Guidelines for Hack-Proof Planes ( Researchers have been invited to build upon an FAA-developed framework for testing a plane’s susceptibility to hacks.

HHS seeks industry pros to join healthcare cybersecurity task force (Healthcare IT News) Nominations period open for one more week as the federal agency looks to tackle concerns over a string of high-profile breaches.

St. Louis Offers Free Land for Spy Agency Site (CBS St. Louis) A federal spy agency is weighing offers of free land on both the Missouri and Illinois sides of the St. Louis area as it considers where to relocate its national headquarters.

Litigation, Investigation, and Law Enforcement

Apple vs FBI: San Bernardino DA Michael Ramos admits 'dormant cyber pathogen' remark was nonsense (International Business Times UK) Security industry and social media users both slammed the 'fearmongering' remarks online.

Clinton, on her private server, wrote 104 emails the government says are classified (Washington Post) She wasn’t the only one who sent sensitive information over non-secure systems, review finds.

Clinton defends classified material during Fox town hall (Washington Examiner) Hillary Clinton defended her use of a private e-mail server when pressed on her knowledge of the issue during her first appearance on Fox News in the past two years.

Were Hillary Clinton’s Emails Classified? Where You Stand Depends on Where You Sit (War on the Rocks) The debate about former Secretary of State Hillary Clinton’s private email server is generating a great deal of heat, but not much light. Let’s start off

FCC cracks down on Verizon Wireless for using ‘supercookies’ (Washington Post) At latest sign that the FCC is getting serious about privacy.

Venezuela enters round two of fight against “cyber-terrorism” U.S. website (Miami Herald) Venezuela’s Central Bank is taking a second stab at a popular website that it’s accusing in U.S. courts of sabotaging the economy and undermining the government.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...

Upcoming Events

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...

ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, March 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.