
Daily briefing.

MedStar continues its recovery from the malware infection the hospital system sustained Monday. Investigators (including the FBI) remain tight-lipped, but various anonymous sources close to the case but not authorized to speak are telling the press that MedStar was hit by ransomware. There are plenty of possible ransomware variants under speculative suspicion, prominent among them of course being SamSam, Maktub, and, especially, PowerWare. But this remains speculation.

There's much advice on protecting yourself from ransomware, including the usual counsels about backing up files and developing emergency plans for continuity of operations. Some variants have now evolved their delivery mechanisms to seek out and target unpatched systems, thereby dispensing with the traditional need for some user interaction.

Bitdefender's offering a free tool said to provide prophylaxis (for now) against Locky, TeslaCrypt and CTB-Locker.

Symantec finds a new cyber espionage Trojan, Backdoor.Dripion. Most of its targets are in Taiwan, but infestations have also been reported in Brazil and the United States.

Cheetah Mobile reports discovering a remote execution vulnerability in the Truecaller phonecall management app.

Law firms take note—a Russian gang is after your clients' data.

As the FBI continues to do whatever it's doing to the San Bernardino jihadi's iPhone, Apple serves notice that it wants that whatever disclosed. And the Justice Department says it won't hesitate to litigate again to gain access to encrypted devices.

CNBC committed an unpleasant gaffe in a story on password strength—the posted story collected and exposed actual passwords. (CNBC has retracted the story.)

Notes.

Today's issue includes events affecting Australia, Brazil, China, Germany, Israel, Kenya, Russia, Taiwan, United Kingdom, and United States.

Catch the CyberWire's Daily podcast this afternoon, including the second half of our discussion with Zimperium on how they've integrated their mobile security solution with a big telecom's offering. We'll also hear from the University of Maryland's Markus Rauschecker on the surprising (to some) popularity of the NIST framework.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Washington’s MedStar computers down for second day after virus (Reuters via Business Insurance) MedStar Health’s computer systems remained offline on Tuesday for the second straight day after the nonprofit, one of the biggest medical service providers in the U.S. capital region, shut down parts of its network to stem the spread of a virus

Two more healthcare networks caught up in outbreak of hospital ransomware (Ars Technica) New server-targeting malware hitting healthcare targets with unpatched websites

New Server-Side Ransomware Hitting Hospitals (Threatpost) Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub

Ransomware scum sling PowerShell, Word macro nasty at healthcare biz (Register) PowerWare does its dirty work via booby-trapped files

Warning over 'nasty' ransomware strain (BBC) The FBI is seeking help from US firms as it investigates a nasty strain of ransomware

New Ransomware Installers Can Infect Computers Without Users Clicking Anything, Say Researchers (iDigitalTimes) Ransomware infections have seen exponential growth in 2016, as security researchers report both old encrypting malware like Cryptolocker and new versions like Locky are utilizing craftier methods to attack machines and encrypt files before victims even realize what’s happened

Patch or Pay: 4 Recent Vulnerabilities Tied to Ransomware (Recorded Future) Hollywood Presbyterian Medical Center’s February ransomware attack was a wake-up call as a likely random attack significantly impacted a 434-bed acute-care facility

Taiwan targeted with new cyberespionage back door Trojan (Symantec) Backdoor.Dripion was custom developed, deployed in a highly targeted fashion, and used command and control servers disguised as antivirus company websites

Remotely Exploitable Flaw in Truecaller Leaves Millions of Android Devices Vulnerable (Cheetah Mobile) Recently, security researchers from the Cheetah Mobile Security Research Lab discovered a loophole in the popular phone call management application Truecaller

Badlock Vulnerability Clues Few and Far Between (Threatpost) Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website

Russian cyber criminal targets elite law firms (Crain's Chicago Business via Business Insurance) A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain

CNBC just collected your password and shared it with marketers (IDG via CSO) CNBC withdrew a story from its website Tuesday that described good password practices after a tool included in the piece actually collected and exposed the passwords. An exercise in password security went terribly wrong, security experts say

Repeated DDoS Attacks Force Coinkite Bitcoin Wallet to Close Down Web Service (Softpedia) Coinkite, one of the earliest Web-based Bitcoin wallet services, announced today plans to discontinue its service and focus on hardware-based Bitcoin products, all because of a barrage of relentless DDoS attacks

SportPursuit coughs to being hacked. When? What got nicked? They ain't saying (Register) Firm doesn't hold card details – except when it does

Grand Ole Opry owner victim of cyber 'spear phishing' of personnel info (Business Insurance) The operator of the Grand Ole Opry, among other properties, said it has fallen victim to a “spear phishing” scheme in which employee W-2 information was sent to cyber criminals

Chinese scammers take Mattel to the bank, Phishing them for $3 million (CSO) Thieves took advantage of a recent company shakeup and corporate policy regarding payments

From NY To Bangladesh: Inside An Inexcusable Cyber Heist (Dark Reading) A spelling error was the tipoff to last month's multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?

Anonymous Rickrolls Kenyan Petrol Refinery as Part of Its Anti-Corporations Op (Softpedia) After resurrecting #OpCanary two days ago, Anonymous hackers are continuing their defacement spree with a new rickroll of another corporation, this time of Kenya Petroleum Refineries Limited, as part of their #OpAfrica campaign, an operation that also has an anti-corporations component

Security Patches, Mitigations, and Software Updates

New alerts for Gmail users targeted by state-sponsored attackers (Help Net Security) Since 2012, Google has been warning Gmail users when they have been targeted by state-sponsored attackers, but now the alert will be even more visible (and therefore less likely to be overlooked or ignored)

Cyber Trends

Top computing awards show growing importance of cybersecurity (Reuters) A California computer scientist who has studied the economics of cybercrime and pushed the auto industry to address hacking threats to vehicles will be awarded one of the world's top computing prizes on Wednesday, underscoring the central role that cybersecurity plays in business and government

Will compliance-driven investment help or hinder information security? (Ikanow) If information security is your objective, compliance should not be your north star. However, data show that for most organizations compliance is the driver of information security investment. That means compliance is also the objective and information security is not necessarily the intended outcome

FireMon State of the Firewall Report Highlights the Important and Changing Role Firewalls Play in Network Security (Firemon) Majority of survey respondents stated firewalls are as or more critical than ever, but also recognize the need to stay relevant given the increase of new technology implementations

BYOD Policies Struggle to Strike Balance Between Productivity and Security: Survey (Legaltech News) As productivity takes priority, employees' concerns over security and overtaxed IT departments plague BYOD adoption

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous (Part 2) (Legaltech News) Cybersecurity presents new challenges for the C-suite and those individuals directly responsible for corporate cybersecurity, IT and personnel

Infographic: One-third of CEOs are never updated on cyberattacks, survey finds (FierceITSecurity) A disturbing one-third of U.S. CEOs and other C-level executives are never updated on cyberattacks against their organization

Most Federal Agencies Have Suffered A Data Breach (Dark Reading) Vormetric report indicates that security spending in federal agencies hampers modern security techniques to safeguard critical data

Teens would sell their personal data instead of working (Naked Security) Teens are well aware of the value of their personal data

Marketplace

What's driving cyber spending in the federal market? (Washington Technology) For cybersecurity companies mapping out federal sales strategies in 2016 and beyond, it’s important to understand the nature and extent of the threat landscape that will influence buying decisions

Self-driving vehicles could change insurance landscape for carmakers, suppliers (Business Insurance) The spread of self-driving vehicles could have significant insurance implications for automobile manufacturers and suppliers, according to a report released Tuesday by Moody's Investors Service Inc

Software company acquires specialty property/casualty analytics firm (Business Insurance) Guidewire Software Inc. said Tuesday that it has acquired EagleEye Analytics

Dell's Risky Business: Cybersecurity (Forbes) Dell, Inc. is juggling so many cybersecurity brands it’s hard to keep track. If it gets too confusing, then CIOs, CISOs (chief information security officers) and IT security buyers may back off the Dell cyber products and services until they hear a cohesive message from the tech giant

Losses Nearly Doubled at Dell’s IPO-Bound SecureWorks (re/code) SecureWorks, the Dell-owned computer security firm that is on its way to an IPO later this year, posted a steeply higher loss in its most recent fiscal year, ended Jan. 29, according to its latest filing with the U.S. Securities and Exchange Commission

SAIC CEO: Scitor acquisition not a 'drag on our business' despite revenue declines (Washington Business Journal) Science Applications International Corp. (NYSE: SAIC) beat earnings estimates Tuesday and impressed Wall Street — the stock soared close to 10 percent by late morning

Security Startup Virta Labs Receives $750K Grant for Healthcare Security (PR.com) Virta Laboratories, Inc. provides comprehensive tools for cybersecurity risk management in healthcare

WashingtonExec Hosts Launch Party for Forcepoint (WashingtonExec) On February 23rd WashingtonExec helped host Forcepoint's company launch party with over 50 guests from the defense, intelligence and civilian contracting sectors

Cybersecurity Defense Focus Strengths In UK (Pymnts) Cybersecurity defense groups are stepping in to help companies better protect their data and strengthen their security. Firms like BAE Systems, Raytheon, Ultra Electronics and others are bringing the expertise they have garnered over decades of helping governments and military forces to private entities in need of the same services

BlackBerry could stand to benefit after U.S. authorities hack iPhone (Business News Network) BlackBerry Inc. could benefit from the U.S. Federal Bureau of Investigation’s successful unlocking of the San Bernardino gunman’s iPhone as major smartphone makers look to shore up security on their devices

Unisys Beefs Up Executive Roster (CRN) Unisys appointed two new top-level executives this week, hiring Andy Stafford as the company's new senior vice president of services, a day after the company said Inder M. Singh would join as senior vice president, and chief marketing and strategy officer

Illumio Grows Investment in Talent With the Appointment of Emily Couey as VP of People (Sys-Con Media) Former Eventbrite executive to lead Illumio's employee growth and development as adoption of company's adaptive security technology grows rapidly

Bitdefender Promotes Mihaela Paun & Ciprian Istrate to Vice President Roles to Cement Gains in Consumer Business Operations (PRNewswire) Bitdefender has promoted Mihaela Paun to Vice President Consumer Sales and Marketing and Ciprian Istrate to Vice President Consumer Solutions, to further accelerate the impressive development of the company

Webroot Appoints Neil Stratz and Chad Bacher to Executive Team (PRNewswire) Industry veterans join Webroot leadership to drive global sales and lead product innovation

Products, Services, and Solutions

Free Bitdefender tool prevents Locky, other ransomware infections, for now (IDG via CSO) The tool tricks Locky, TeslaCrypt and CTB-Locker ransomware into believing that computers are already infected

Belkin's Portfolio Of Secure KVM Switching Solutions Earns NIAP Common Criteria Certification (PRNewswire) KVM leader sets benchmark for NIAP PP3.0 and introduces new products that secure the desktop while improving user experience and reliability

Microsoft's SCCM manages security patches, but might not be secure itself (FierceITSecurity) Adaptiva teams with Windows Management Experts to offer SCCM auditing service

Add IRM, data security and encryption to any app (Help Net Security) Vera launched its new IRM-as-a-Service (IRMaaS) product, allowing developers to use Vera’s data security platform to build encryption, tracking, policy enforcement, and access control into custom business applications

Web application security with Acunetix (Help Net Security) Securing the web applications of today’s businesses is perhaps the most overlooked aspect of securing the enterprise

CyberArk Earns U.S. Department of Defense UC APL Certification (BusinessWire) CyberArk is the first comprehensive privileged account security solution provider on the list of cyber security products approved for use within Federal Agency Infrastructures

Corero Network Security passes industry milestone (Proactive Investors) Cyber security group's flagship product earns praise in tests

Technologies, Techniques, and Standards

Providers should assess breach readiness after MedStar hack (Health Data Management) With reports from MedStar Health indicating that the system’s computer systems remain down a second day after a cyber attack Monday, providers have a new sense of urgency in ensuring they have firm plans for responding to a breach

What terrorism investigations can teach us about investigating cyber attacks (Network World) Security professionals need to ditch the IT-based approach to investigating breaches and take a page from their law enforcement counterparts

When it comes to cybersecurity, don't overlook staff education (FierceHealthIT) In April 2014, the FBI issued warnings about the healthcare industry's vulnerability to cyberattacks

Monitoring suspicious behavior of employees key to better cloud security (FierceITSecurity) Monitoring suspicious behavior of employees could be the key to better cloud security

Don’t get stuck with dead end User Behavior Analytics (Help Net Security) As the frequency of sophisticated cyberattacks continues to increase, User Behavior Analytics (UBA) has taken center stage

How to Prepare for a DDoS Attack (Radware) Our 2015-2016 Global Network & Application Security Report documented that 51% of businesses suffered a DDoS attack in 2015

5 Steps to Protect Your Small Businesses From a Data Breach (Business 2 Community) In today’s business climate there are many ways businesses face risks

Hunters: a rare but essential breed of enterprise cyber defenders (ComputerWeekly) They wait, they watch, they search the outer reaches of networks and the darkest corners of the web, setting traps, crafting tools, collecting evidence and going in pursuit: they are the hunters

Taking the pulse of your information security culture (Computerworld) Anyone who has been a manager in a company of a reasonable size understands the concept of corporate culture

Design and Innovation

Internet of Things Security Will Get "a Lot Worse Before It Gets Better" (Inverse) We have a long way to go before we can really trust the IoT

IoT device makers need to incorporate security early on, says Gemalto's Hart (FierceITSecurity) As Internet of Things device makers and service providers rush to deploy and connect IoT devices, the security risks associated with these devices are proliferating

Creating secure devices for the Internet of Things (Help Net Security) The Internet of Things (IoT) and subsequent explosion of connected devices have created a world of opportunities we might never have anticipated

A real life guide to protecting sensitive data in an IoT world (EnterpriseAppsTech) I attended the 2016 RSA Security Conference in San Francisco earlier this month. On the first day of the conference, the Trusted Computing Group (TCG) presented a half-day seminar entitled “Securing the IoT with Trusted Computing”

Academia

Air Force Association Announces New CyberPatriot Competition Award (Homeland Security Today) The Air Force Association (AFA) has announced the creation of a new recognition for exceptional CyberPatriot competitors

Legislation, Policy, and Regulation

Trident upgraded to protect against cyber attack (Telegraph) The Trident missiles will be updated amid growing worries defence computers and systems could be vulnerable to cyber attacks from Russia, China, groups such as Islamic State or organised crime gangs

Dunford: U.S. has work to do in cyber deterrence (FCW) The U.S. military still has a lot of work to do to improve its ability to deter adversaries in cyberspace, according to the country's top general

MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law (HIT Consultant) The FBI is investigating a Monday cyber attack by anonymous hackers that forced MedStar Health’s 10 hospitals and more than 250 outpatient centers to shut down their computers and email

Homeland Security subcommittee calls for strengthened cyber insurance role (Business Insurance) Insurer advocates are hailing a U.S. House of Representatives panel's examination of the role cyber insurance can play in risk management

Privacy watchdog chairman resigns two years before end of term (The Hill) The first-ever head of a small federal privacy watchdog is resigning this summer, a year and a half before his term ends in 2018

U.S. Secretary of Commerce taps Rapid7 CEO as an adviser (Boston Business Journal) The U.S. Secretary of Commerce has appointed Corey Thomas, CEO of Boston-based cybersecurity firm Rapid7, along with 16 other tech leaders from around the country to serve on the U.S. Commerce Department's Digital Economy Board of Advisors

Australia hunts copyright infringers with anti-piracy code boost (IT Pro Portal) Australia has recently published its “three strikes” anti-piracy code which may compel internet service providers to provide customers’ details to TV and movie studios after they have been warned over alleged copyright infringement three times

Litigation, Investigation, and Law Enforcement

Court vacates iPhone hack order against Apple, focus shifts to New York (IDG via CSO) The order was vacated after the FBI said it had accessed data on a terrorist’s phone

US says it would use “court system” again to defeat encryption (Ars Technica) Feds say they can force entire tech sector, not just Apple, to disable security

Apple wants the FBI to reveal how it hacked the San Bernardino killer's iPhone (Los Angeles Times) Apple Inc. refused to give the FBI software the agency desperately wanted. Now Apple is the one that needs the FBI's assistance

How the FBI Cracked the iPhone Encryption and Averted a Legal Showdown With Apple (ABC News) An urgent meeting inside FBI headquarters little more than a week ago is what convinced federal law enforcement officials that they may be able to abandon a brewing legal fight with tech giant Apple, sources told ABC News today

FBI cracks *that* iPhone (Naked Security) Big news! The Superbowl of cryptographic lawsuits is over, abandoned shortly before the final period of play

Cellebrite confirmed as FBI’s third party in iPhone security case (Developing Telecoms) Israeli firm Cellebrite has been identified as the third party that provided assistance to the US government in bypassing Apple’s iPhone security

There is a winner in Apple’s court battle with the FBI (Globe and Mail) Did Apple win? Or the U.S. government? Neither did

How is Apple doing in its fight for #nobackdoors? (Naked Security) In the battle between Apple and the US government over security backdoors, it’s hard to say who is winning and who is losing, not least because the fight is far from over

Oracle seeks $9.3 billion for Google’s use of Java in Android (PCWorld) The figure appears in a report by Oracle's damages expert, which Google strongly contests

Wells Fargo settles with California for privacy law violations (Reuters via Business Insurance) A Wells Fargo & Co. unit will pay $8.5 million to California and five counties to settle charges that it violated customers' privacy due to not disclosing in a timely fashion that it was recording their calls, California's attorney general said on Tuesday

Banks ‘should not compensate’ victims of online fraud (We Live Security) UK Metropolitan police commissioner Sir Bernard Hogan-Howe has advised banks not to offer compensation to victims of online fraud, arguing that the increased risk will encourage people to better protect themselves against cybercrime

Creator of spoofed police Facebook page may be charged with felony (Naked Security) On 2 March 2016, some joker posted a Facebook page that spoofed a police department, replete with fake news posts and insults

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet...

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Upcoming Events

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.

