skip navigation

More signal. Less noise.


Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at

Daily briefing.

The US Department of Justice no longer needs to meet Apple in court. The FBI says it's gained access to the San Bernardino jihadi's iPhone. How it gained access and what it found there remain publicly unknown, but the Bureau is still widely believed to have availed itself of Cellebrite's forensic services.

Yesterday personnel reporting to MedStar Health hospitals in the Baltimore and Washington regions of the US found their systems inaccessible. MedStar detected malware in its networks and as a precaution shut down email and medical record database. Early speculation suggests a ransomware attack. The FBI is investigating.

Ransomware continues to be a growing problem, with more attempts against mobile devices reported. Phishing continues to be a common ransomware vector. Note that one of the more virulent strains currently in circulation—"Petya"—is often downloaded by victims opening an infected resume from an online document-sharing site.

The Turla spyware Trojan is successfully working around command-and-control server takedowns by hijacking satellite Internet links.

As US point-of-sale systems move, slowly, toward general adoption of chip-and-pin technology, FireEye says it's seeing a spike in exploits directed against legacy card-swipe systems: criminals are rushing to get their last shots in against the older technology.

A developer accidentally exposed a very large database of personally identifiable information as he set up a demo for Thailand's Immigration Police. About two thousand foreigners working in Thailand had their data compromised.

Weev makes an unwelcome return to the news, hacking poorly secured printers to spew anti-Semitic propaganda.


Today's issue includes events affecting Abkhazia, Bangladesh, Canada, China, European Union, France, Georgia, Germany, Iraq, Israel, Pakistan, Palestine, Russia, Syria, Thailand, United Kingdom, United States.

Catch the CyberWire's Daily podcast this afternoon, including a discussion with Zimperium on how they've integrated their mobile security solution with a big telecom's offering. We'll also hear from Accenture Labs' Malek Ben Salem, who takes up the timely and topical question of healthcare security.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Virus causing major outages at MedStar Health (WMAR ABC2) The FBI says it's investigating a computer virus that has crippled information systems at the major Washington-area hospital chain MedStar Health Inc

Virus infects MedStar Health system’s computers, forcing an online shutdow (Washington Post) A virus infected the computer network of MedStar Health early Monday morning, forcing the Washington health-care behemoth to shut down its email and vast records database and raising additional concerns about the security of hospitals nationwide

Ransomware attack hits MedStar Health, network offline (CSO) Medical group forced to use paper and pen after suspected Ransomware attack

FBI investigating cyber attack at MedStar Health (Baltimore Sun) Hackers attacked the computer system at MedStar Health on Monday, forcing thousands of employees in the state's second-largest health care provider to resort to paper medical records and transactions

FBI probing virus behind outage at MedStar Health facilities (WTOP) Hackers crippled computer systems Monday at a major hospital chain, MedStar Health Inc., forcing records systems offline for thousands of patients and doctors. The FBI said it was investigating whether the unknown hackers demanded a ransom to restore systems

Opening a New Front: Ransomware Hits Mobile Devices (Legaltech News) Alongside data “leakage” and operating system vulnerabilities, sophisticated ransomware attacks are became a top threat to mobile devices

FBI warns of growing cyber extortion through ransomware (Reuters via Business Insurance) The FBI is asking businesses and software security experts for emergency assistance in its investigation into a pernicious new type of “ransomware” virus used by hackers for extortion

Petya ransomware leverages Dropbox and overwrites hard drives (SC Magazine) Trend Micro researchers spotted a new ransomware variant dubbed Petya that is delivered to victims who believe they are linking to a resume stored on a cloud storage site like Dropbox

Are you really confident you could spot a phishing scam? (Graham Cluley) A successful phishing attack can be child's play, if the attacker is determined enough

Satellite Turla: still alive and hiding in the sky (Kaspersky Business) Law enforcement agencies, with the help of leading IT security providers, are keen on blocking all the malware Command & Control servers they find. Sometimes, they efficiently shut down massive botnets by putting their controlling structure out of business. But one of the most advanced threat actors is still out there

Printers all over the US “hacked” to spew anti-Semitic fliers (Help Net Security) Andrew “Weev” Auernheimer, one of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple’s iPad from AT&T’s servers, is back to his old tricks: using publicly accessible assets for furthering his own goals

Anonymous Relaunches #OpCanary, Targets Canadian Mining Firm (Hack Read) BCGold Corp becomes the newest victim of Anonymous’ operation against multinationals

FireEye says hackers are racing to compromise POS systems (PC World) The transition to chip-based cards appears to have spurred cybercriminals to quickly find the low-hanging fruit

Developer Accidentally Leaks Details of Thailand Expats While Testing Website (Softpedia) A local developer has made a gaffe for the ages when he set up an improperly protected demo for a site commissioned by Thailand's Immigration Police

WUP! There It Is: Privacy and Security Issues in QQ Browser (Citizen Lab) Both Windows (v9.2.5478) and Android (v6.3.01920) versions of web browser QQ Browser transmit personal user data to QQ servers without encryption or with easily decryptable encryption, and are vulnerable to arbitrary code execution during software updates

As SAT was hit by security breaches, College Board went ahead with tests that had leaked (Reuters) Internal documents show that the U.S. college entrance exam has been compromised in Asia far more often than acknowledged. And the newly redesigned SAT retains a key vulnerability that the test-prep industry has exploited for years

NorthBit Releases Metaphor Source on Github (XDA Developers) NorthBit Advanced Software Research released on Thursday source code related to their Metaphor exploit of Stagefright to the public. Metaphor has been making its run through the news cycle due to the large footprint of devices likely affected

Bulletin (SB16-088) Vulnerability Summary for the Week of March 21, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

As Apple battles the FBI, Microsoft just created a special government version of Windows 10 for China (BGR) Thanks to Apple’s recent legal wrangling with the FBI (which has seemingly come to an end), issues such as mobile encryption and government surveillance have been thrust into the spotlight

Instagrammers really want you to turn on notifications to avoid death by algorithm (TechCrunch) Instagram today is an endless sea of meaningless posts asking you to turn on post notifications for each account you follow

iOS 9.3 Web Links Bug Causes Apps To Crash (InformationWeek) In the wake of a bricking problem with older iPhones and iPads, users who have downloaded iOS 9.3 are now encountering a separate issue that is causing apps to crash or freeze when launched. This time, Apple may not be to blame

Cyber Trends

Dark Web’s Got a Bad Rep: 7 in 10 People Want It Shut Down, Study Shows (Wired) Speculation—no matter how baseless—that online black markets for weapons helped make the terrorist attacks in Paris and Brussels possible hasn’t helped the reputation of the dark web’s anonymous corner of the internet. But one new study shows that even before that dubious link between online anonymity and terror attacks, global opinion on the dark web was already overwhelmingly negative


Defence groups take aim at cyber security (Financial Times) BAE Systems and Raytheon are helping companies fend off attacks

Bromium’s Post-Money Valuation Is Sliced in Half in Down Round (Wall Street Journal) Cybersecurity startup Bromium has raised $40 million in funding at a down round to its previous valuation, a move that comes as the sector is beginning to feel the pinch of changing market dynamics

Force 3 acquired by Texas-based IT integrator (FedScoop) Crofton, Maryland-based Force 3 will operate as Sirius Computer Systems' federal subsidiary

Mach37 Cybersecurity Accelerator Announces Spring 2016 Cohort ( The cybersecurity industry is predicted to double by 2020 and the DC metro area is the center of cybersecurity innovation in the US. Therefore it should be no surprise that the premiere accelerator for information security startups and entrepreneurs calls this area home. The accelerator is Mach37 and they’ve just announced their most recent cohort

DHS, GSA to spend $11M on new cyber tools, readies phase 3 of CDM (Federal News Radio) The Homeland Security Department’s continuous diagnostics and mitigation (CDM) program had a quiet fall and winter, but seems to be ramping up for the spring

DHS continues to find-and-replace cyber talent (Federal News Radio) The Homeland Security Department seems to be on a never-ending find-and-replace mission when it comes to cybersecurity experts

Security and Intelligence Pioneer Joanne Isham Joins HyTrust Federal Advisory Board (BusinessWire) New board member brings extensive experience with government intelligence organizations

Kroll Appoints Stephen Kopeck Associate Managing Director, Cyber Security and Investigations Practice (BusinessWire) Former U.S. Secret Service Forensics and Incident Response Special Agent brings law enforcement and private industry experience to cyber practice

Mobile Security Firm Shevirah Gets New CEO, Sets Sights on Enterprise (eWeek) Mark Longworth, the inventor of the NetWitness technology, joins the mobile security startup as it looks to make an enterprise push

Splunk Announces Susan St. Ledger to Join as Chief Revenue Officer (BusinessWire) Salesforce Chief Revenue Officer of marketing cloud hired to drive revenue growth

KoolSpan Appoints Julie Holdren, Cybersecurity and Technology Industry Visionary, as Chief Operating Officer (BusinessWire) -KoolSpan, Inc., a leading provider of interoperable secure voice and messaging solutions for mobile phones, announced today that it has appointed Julie Holdren as its Chief Operating Officer and Vice President of Products

Products, Services, and Solutions

CloudLock Unveils Breakthrough Method for Isolating True Security Threats From Among Billions of Suspicious User Activities (CloudLock) Q1-16 Cybersecurity Report: the CloudLock CyberLab's "Cloud Threat Funnel" methodology reveals distinct user behavior patterns, helping businesses lock into only the real threats

AlgoSec Supports Unified, Automated Security Policy Management Across Microsoft Azure (Algosec) Support for Microsoft Azure delivers comprehensive visibility, fully automated change management, risk assessment and auditing

Ntrepid Announces Key Enhancements to Passages Enterprise (BusinessWire) Secure virtual browser provides best-in-class anti-malware tools and offers new customized options and greater user experience

FireEye's Mandiant Red Team Operations to Curb Cyber-Attack Risk (Gadgets 360) US-based network security company FireEye on Monday launched the "Mandiant Red Team Operations" a set of objectives-based assessments that conduct no-holds-barred attacks on organisations to highlight weakness in systems or procedures and to enhance detection and response capabilities

AhnLab boosts security service for Amazon cloud clients (Korea Times) AhnLab said Monday it is pushing its remote security controls to clients using Amazon's cloud services

Technologies, Techniques, and Standards

UK government now offers secure online identities using FIDO U2F standards (FierceBigData) The new open authentication standard FIDO U2F changes the username plus password model to provide secure online identities for users

Cybersecurity Framework feedback shows need for update process, best practices, awareness (FierceGovernmentIT) Themes from the received comments will be discussed at the Cybersecurity Framework Workshop in April

NIST Cybersecurity Framework Adoption Linked to Higher Security Confidence According to New Research from Tenable Network Security (BusinessWire) More organizations plan to adopt the NIST Cybersecurity Framework in the next 12 months than any other IT security framework, yet many struggle to implement the full range of best practices

Countering Cyber Adversary Tradecraft (Tripwire: the State of Security) Why and how do cyber adversaries – criminals, spies, competitors, activists – continue to find success in fraud, extortion, espionage and sabotage?

Neighborhood Watch: Identifying Early Indicators of the Central Bank of Bangladesh Heist (Recorded Future) Utilizing stolen SWIFT credentials, hackers recently targeted the Central Bank of Bangladesh, ultimately stealing over $87 million via transfers through multiple financial institutions

Legislation, Policy, and Regulation

U.S. and Germany expand cyber cooperation (FCW) The United States and Germany are taking a "whole-of-government" approach to their collaboration in cybersecurity, according to a joint statement released by the State Department after two days of talks

With or without evidence, terrorism fuels combustible encryption debate (Christian Science Monitor Passcode) The encryption issue has become indelibly linked to the broader debate in Europe, the US, and South America over how to balance individual liberties with matters of national security and law enforcement

DHS Seeks Advice on Building a Cyber-Attack Database (Defense One) The Department of Homeland Security admits there could be drawbacks to the idea, including a spike in the cost of insurance

FCC Chair Proposes New Broadband Rules (Lexology) One year ago, in March 2015, the Federal Communications Commission (“FCC”) reclassified broadband Internet access service as a common carrier Telecommunications Service subject to regulation under Title II of the Communications Act

American privacy in the digital era should not be for sale (TechCrunch) On March 31, The Federal Communications Commission will vote to start the process of updating the rules protecting the privacy of our phone calls to include the protection of our broadband connections

States prepare to take up consumer data privacy fight (FierceBigData) Most of the focus on protecting consumer data privacy so far has been at the federal level

U.S. Beefs Up Cyber Defenses to Thwart Hacks of Nuclear Arsenal (Bloomberg) The U.S. military is beefing up cyber defenses to counter threats by hackers trying to gain access to nuclear missiles and other weapons

Litigation, Investigation, and Law Enforcement

Justice Department cracks iPhone; withdraws legal action (San Deigo Union Tribune) The FBI said Monday it successfully used a mysterious technique without Apple Inc.'s help to hack into the iPhone used by a gunman in a mass shooting in California, effectively ending a pitched court battle between the Obama administration and one of the world's leading technology companies

FBI Breaks into Terrorist’s Encrypted iPhone (Threatpost) A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone

The Apple-FBI showdown is over (Quartz) The FBI says it has gained access to the iPhone used by one of the San Bernardino shooters—without Apple’s help—and is now requesting an end to its legal action against the company

Did the FBI Just Unleash a Hacker Army on Apple? (Daily Beast) When the tech giant wouldn’t unlock a San Bernardino terrorist’s iPhone, the FBI initiated legal action—then found another way to get the information it needed

Apple likely can’t force FBI to disclose how it got data from seized iPhone (Ars Technica) "It is an important test for the government's disclosure policy"

FBI hack may raise questions about iPhone security (IDG via CSO) The FBI has told a court that it was able to access data stored on an iPhone 5c running iOS 9

Why Everyone Loses in Apple’s Fight Against the FBI (Fortune) It’s time for the U.S. government to work with the tech industry

What the Founders Would Say About iPhone Unlock Case (Fenwick & West) In a criminal investigation, if important information were behind a locked vault and the vault manufacturer had a master key to access the vault, the government would be on solid grounds to request this master key. But what if no master key existed?

American Tech Giants Face Fight in Europe Over Encrypted Data (New York Times) Silicon Valley’s battle over encryption is heading to Europe

Only One Large Federal Agency Gets an ‘A’ for Cybersecurity, Government Report Finds (Legaltech News) The annual Office of Management and Budget report saw the average ‘cybersecurity assessment’ score for large agencies drop 8 percent

Israeli UAVs hacked by terrorist organization Islamic Jihad (C4ISR & Networks) The terrorist organization Islamic Jihad has hacked into imagery from Israeli UAVs

Long Before Brussels, ISIS Sent Terror Operatives to Europe (New York Times) The day he left Syria with instructions to carry out a terrorist attack in France, Reda Hame, a 29-year-old computer technician from Paris, had been a member of the Islamic State for just over a week

‘The target was Christians,’ Pakistani Taliban says of Lahore Easter attack (Long War Journal) The spokesman for a faction of the Movement of the Taliban in Pakistan said that the group intentionally targeted Christians in a suicide bombing which killed and wounded hundreds of women and children on Easter Sunday

Hundreds of Islamic extremists protest in Pakistan's capital (AP) Hundreds of Islamic extremists who earlier violently protested in Islamabad over the hanging of a man who killed a secular governor continued their demonstrations in Pakistan's capital on Tuesday, despite warnings from the government targeting extremists

This Controversial Instagram Account Lets You Decide Whether ‘ISIS Fighters’ Live Or Die (Task and Purpose) An Iraqi militia is using Instagram as a platform to try, convict, and sentence ‘ISIS fighters’ to death

The American Anti-Vaccine Mom Turned ISIS Superstar (Daily Beast) The feds say Safya Yassin was a propaganda machine for the Islamic State, even once threatening FBI agents with death. Friends and family say she was a harmless, lonely mother to an autistic boy who was desperate for connection

Court papers: Woman to plead guilty to terrorism charge (AP) A young Mississippi woman plans to plead guilty to a terrorism charge Tuesday, months after authorities say she and her fiance tried to go to Syria to join the Islamic State group

Navy official gets 46 months for bribes, prostitutes (Federal Times) A Navy captain was sentenced to 46 months in prison on March 25 for disclosing classified information to a foreign contractor in exchange for bribes of alcohol, luxury hotel stays and prostitutes

Six Suspects Arrested for Manipulating 5 Card Cash Lottery Game Terminals (Tripwire: the State of Security) Six people have been charged with manipulating terminals to produce more winning tickets for the 5 Card Cash lottery game

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

Cloud Security Expo 2016 (London, England, UK, April 12 - 14, 2016) Cloud Security Expo is a cloud security event with over 80 dedicated cloud security exhibitors, seven streams of content, over 150 security speakers, and 40 real cloud security and compliance case studies.

ACSC Conference 2016 (Canberra, Australia, April 12 - 14, 2016) The ACSC Conference 2016 will bring together experts from Australia and abroad to discuss trends, mitigations and advances in cyber security. CEOs, CIOs, CISOs, CTOs, ICT Managers, ITSAs, ITSPs, IRAP Assessors,...

2016 Cybersecurity Symposium ( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes...

6th European Data Protection Days (EDPD) (Berlin, Germany, April 25 - 26, 2016) The EDPD Conference will provide participants from the business side with all the important news and updates for the international data protection business at a high level. These include key developments...

3rd East Africa Cyber Defense Convention 2016 (Nairobi, Kenya, April 29, 2016) Building on the success of previous conventions series in the last two years and with insights from cybersecurity experts, participants at this conferene learn how organisations should successfully respond.

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in...

Upcoming Events

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.