skip navigation

More signal. Less noise.

Daily briefing.

The United Cyber Caliphate’s hit list of New Yorkers looks like recycled stuff, and not the results of any recent data breach. The threat’s disturbing for all that, but one shouldn’t let ISIS’s violent incitement lead one to overestimate the group’s technical skills.

Trend Micro has been looking into ISIS’s actual online communications toolkit. They find that terrorists (and they share this preference with the civilized world) like Gmail a lot (34% of their accounts are Gmail). Their next favorite email service is Mail2Tor (21%), then other secure services like Sigaint (19%). Yahoo’s got a surprising 12% share of the market. With instant messaging, Telegram is the favorite (34%) followed by Whatsapp (15%). The self-proclaimed Caliphate has sharked up some DIY tools—Trend Micro talks about six, four of which are encryption apps, the remaining two being information-sharing tools.

Kaspersky warns that the hackers who breached the Qatar National Bank have hit a second, unnamed bank, and will be releasing stolen data soon.

A Slack security engineer has warned that ImageMagick, the widely used image manipulation suite, is vulnerable to remote code execution, and that these vulnerabilities are being exploited in the wild. A Metasploit module is expected today; ImageMagick is offering interim mitigation advice in its online forum.

Ransomware continues to circulate. Fox-IT outlines RDP as an infection vector, and ThreatTrack offers a look at Petya. The FBI again reminds victims not to pay.

Iran and Russia show a striking, tender concern for the privacy of US NSA employees.


Today's issue includes events affecting Bermuda, Cayman Islands, China, France, India, Iran, Iraq, Republic of Korea, Malaysia, Mexico, Netherlands, Philippines, Qatar, Russia, Saudi Arabia, Switzerland, Turkey, United Kingdom, United States, and Venezuela.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Jonathan Katz, who'll explain digital signatures. We'll also talk with the Denim Group's John Dickson about power grid security, and in particular about the security of the British electrical distribution system. (And, just today, for all readers who are Star Wars aficionadi—you know who you are—May the Fourth be with you.)

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Recycled threat? ISIS publishes hit list of 3,600 New Yorkers (Arutz Sheva) FBI has reached out to targets, but not taking threats particularly seriously

Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations (Trend Micro) Cybercriminal activities have always involved the abuse of legitimate online tools and services

Trend Micro: 6 most popular homebrewed terrorist tools (Network World) Pre-packaged encryption, DDoS and news feed for tech-light jihadists

The Many Ways Terrorists Communicate Online (Fortune) Gmail and Yahoo Mail are surprisingly popular

Al Qaeda defector discusses group’s secrets in Islamic State magazine (Long War Journal) The man known as Abu Ubaydah Al Lubnani (“the Lebanese”) is one of the most senior al Qaeda leaders to defect to the Islamic State since the two jihadist organizations split in early 2014. Lubnani was once a top security official for al Qaeda in Afghanistan and Pakistan. But after being demoted from his sensitive post, he joined Abu Bakr al Baghdadi’s organization. Lubnani quickly became a thorn in al Qaeda’s side, revealing details about his former employer’s inner workings

QNB hackers to leak more data of another big bank soon (Gulf News) Attackers have Turkish roots and are known as Bozkurtlar, Kaspersky Lab says

ImageMagick vulnerabilities place countless websites at risk, active exploitation confirmed (CSO) Metasploit modules will be released on Wednesday

Ransomware enters companies through RDP servers (Help Net Security) Attackers wielding ransomware are targeting enterprises through an often-found hole in the corporate network: Internet facing, poorly secured remote desktop servers

A Glimpse at Petya Ransomware (ThreatTrack Labs) Ransomware has become an increasingly serious threat. Cryptowall, TeslasCrypt and Locky are just some of the ransomware variants that infected large numbers of victims. Petya is the newest strain and the most devious among them

Incidents of Ransomware on the Rise (FBI) Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them

Michigan electricity utility downed by ransomware attack (Register) Don't click on the links, don't click on the links, don't

FBI Reaffirms Stance Not to Pay Ransomware Attackers (Threatpost) The FBI has issued a warning to businesses about the relentless wave of ransomware. The bulletin includes preventative tips, and an affirmation of the bureau’s stance that companies affected by cryptoransomware attacks in particular should not succumb to temptation and pay their attackers off

Opportunistic cybercriminals tweaking old threats for new targets: Forcepoint (CSO) Medium-sized businesses face a surging threat from opportunistic cybercriminals who are changing their strategies as large enterprises become more complex to penetrate, a security-strategy director has warned as new figures correlate declines in spam email with a resurgence in time-honoured document-based macro malware

SophosLabs research finds “Designer” cyber threats on the rise (Albabwa) Sophos, a global leader in network and endpoint security, today revealed SophosLabs research that indicates a growing trend among cyber criminals to target and even filter out specific countries when designing ransomware and other malicious cyber attacks

Application-layer DDoS attacks will increase, Kaspersky Labs predicts (Network World) Cyber thugs are returning to application-layer attacks and using IT security firms as a test bed for attacks

Fraudsters Steal Tax, Salary Data From ADP (KrebsOnSecurity) Identity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters

Cyber attack nabs 2015 W-2 forms of Mercury Marine workers (Fond du Lac Reporter) A computer phishing scam that netted personal information from Mercury Marine employees may have affected thousands of workers

How-To Info On Hacking Wireless Alarm Systems Readily Available Online (Security Sales and Integration) Wireless alarm systems are rife with vulnerabilities that could allow an intruder to gain entrance to a residence unnoticed, according to tech experts. That’s not new news but the specter of such a scenario continues to gain mainstream awareness

Unfunny wifi hotspots on a plane (CSO) News broke yesterday where a flight in Australia was delayed due to some intellectually challenged individual thought it would be funny to rename his/her wifi hotspot. But, before we dig into that I’ll share a personal story

Security Patches, Mitigations, and Software Updates

ImageMagick Security Issue (ImageMagick) We have recently received vulnerability reports for certain coders, they include possible remote code execution and ability to render files on the local system

Microsoft to change location of some security updates as of May Patch Tuesday (ZDNet) Microsoft will be excluding some, but not all, security updates from the Microsoft Download Center starting next week on Patch Tuesday

10-year-old Kid Hacks Instagram, Gets $10,000 Reward from Facebook (Hack Read) If a security researcher wants to take part in Facebook’s bug bounty program there is an age requirement but the 10-year-old Finish kid Jani ( the last name not revealed) hacked Instagram and reported it to the Facebook and got 10,000 USD as a reward

Cyber Trends

Enterprises Lack Top-Down Management Of Third-Party Risk (Dark Reading) New report finds there's not enough leadership in managing risks from business partners and vendors

Data breach trends 2016 – what Verizon's analysis of real breaches reveals (TechWorld) Data breaches just keep coming. We review Verizon's annual Data Breach Investigations Report covering 2015 incidents

Snowden cheers on increasing pace of government leaks (The Hill) Edward Snowden cheered on the increasingly swift pace of government leaks that are giving the public access to reams of official secrets

Social media scams are major online threats; PHL security deemed ‘minimal’ (Business World) Israeli cyber security firm CyberInt said the Philippines’ strong social media culture makes it particularly vulnerable to online threats, being the third-worst market in the Asia-Pacific for social media scams


What is cyber insurance and why you need it (CSO) Cyber insurance can't protect your organization from cybercrime, but it can keep your business on stable financial footing should a significant security event occur

Business interruption insurance moving into IT realm: NetDiligence Cyber Risk Summit speaker (Canadian Underwriter) More and more, the conversation surrounding business interruption (BI) is moving from the physical aspect of BI to the information technology side of things, attendees to the NetDiligence Cyber Risk Summit heard on Friday

DFLabs Secures $5.5M in Series A Funding Led by Evolution Equity Partners to Meet Demand for Automated Cyber Incident Response (Venture Beat) DFLabs positioned to accelerate growth as a leader in emerging automated cyber incident management and response market segment

Duo Security Snags $2.5M Grant, Will Hire Up to 300 (Xconomy) Ann Arbor, MI-based startup Duo Security announced that it has received a $2.5 million grant from the state’s Michigan Strategic Fund and, as a condition of the grant, plans to hire up to 300 new employees over the coming months. Economic development group Ann Arbor SPARK has pledged to assist Duo in its employee recruitment efforts

Ixia Announces Financial Results for 2016 First Quarter (BusinessWire) Ixia (Nasdaq: XXIA) today reported its financial results for the first quarter ended March 31, 2016

What to expect from FireEye’s results (MarketWatch) Shares have dropped, usually sharply, the day after eight of the 10 quarterly reports the company released since it went public

Partnership opportunities with one of the pioneers of antivirus protection (ChannelLife) ESET began life as a pioneer of antivirus protection, creating award-winning threat-detection software. If you don’t believe it, Lukas Raska, ESET COO for the APAC, recommends having a gander on Wikipedia

ESET evolving as end-to-end enterprise security company: Parvinder Walia (Computerworld) We have extended our technology expertise to emerge as the preferred security vendor for enterprises, says Parvinder Walia, APAC sales director, ESET

Siemens says it's investing "a lot" in cyber security (City A.M.) Siemens is investing “a lot” to bolster its defences against potential cyber attackers who may try to infiltrate its systems

Five Jobs Set to Grow in Oil, Gas: Cybersecurity (RigZone) After our first article on new job opportunities to come from the use of the Internet of Things and Big Data in oil and gas, here we look at how the oil and gas industry is set to employ further cybersecurity professionals as cyberattacks targeting the sector increase

DHS sweetens cyber workforce recruiting with new bonuses (Federal News Radio) In the intense competition to hire qualified cybersecurity professionals, the government’s advantage has always been its appeal to a sense of mission, not necessarily large salaries

What Shark Tank's Robert Herjavec Wants Every Aspiring Entrepreneur to Know (Fortune) His biggest regret? ‘I should have dreamed bigger’

Fortscale Bolsters Leadership Team and Expands Advisors (Press Release Rocket) Company Appoints David Somerville as SVP Worldwide Sales, DropBox’s Patrick Heim to Advisory Board, and Voltage Security’s Sathvik Krishnamurthy to Board of Directors

Products, Services, and Solutions

CyberPoint subsidiary wins contracts to participate in Department of Homeland Security pilot (Government Security News) CyberPoint International, LLC announced today that it has been awarded a fixed price contract by the Department of Homeland Security (DHS) Borders and Maritime Security Division (BMD) to participate in the Container Security Device Technology Demonstration for the US/EU Global Supply Chain Pilot Project. AKUA LLC, a subsidiary of CyberPoint, develops security solutions for customers in the logistics and supply chain markets

Skyhigh Networks Achieves FedRAMP Compliance (BusinessWire) Company is the first and only CASB to meet rigorous security requirements mandatory for all U.S. Federal agencies

Zimperium: Mobile Security Innovation at its Best (Silicon India) The use of mobile devices in the workplace continues to grow at an exponential pace with organizations embracing bring your own device(BYOD) and developing mobile applications to improve their business processes

Webroot Announces Integration with Citrix to Enhance Scalability and Security for Enterprise Customers Worldwide (PRNewswire) Integration of Webroot BrightCloud® IP Reputation Service with Citrix NetScaler to detect and block malicious incoming IPs

Lastline Enterprise Earns 2016 Cybersecurity Excellence Award for Advanced Persistent Threat Protection (MarketWired) Leader in advanced malware detection recognized for discovering and curtailing APTs and malware that others miss, while reducing false positives and non-correlated alerts vs. outdated security tools

Courion Releases Enhanced Identity and Access Intelligence Solution to Help Organizations Manage User Access (PRNewswire) Courion, the market leader in in Vulnerability and Access Risk Management solutions, today announced the release of Access Insight 9.0

Microsoft Azure receives security certification from Spain (WinBeta) Microsoft has just announced, via the Azure blog, a new security-related mark in the expansion of its cloud service brand in Europe, this time in Spain

Deloitte Teams up With Bloq to Build Blockchain Solutions (Blogchain News) Bloq announced that is working with Deloitte to build Blockchain software solutions for leading companies worldwide

Accenture and Splunk Team Up On Security and Analytics Offerings (Information Management) Consulting and outsourcing firm Accenture and operational intelligence platform provider Splunk Inc. have formed an alliance that integrates Splunk products and cloud services into Accenture’s application services, security and digital offerings

Creechurch Underwriters in Production with Oceanwide’s Cyber Risk Assessment Tool (BusinessWire) Oceanwide tool to empower Creechurch to better assess cyber risks for insureds

5 must listen to security podcasts (CSO) There are a lot of podcasts out there that you can listen to these days. Now, today I’m writing about 5 must listen security podcasts that you should start adding to your rotation yesterday. So, let’s be fair right out of the gate. This is not a definitive list by any stretch of the imagination and I will share more in a future post. So, if I have not added your podcast favourites have no fear as I will revisit this topic again

Technologies, Techniques, and Standards

Hidden in plain sight: Four signs your network might be under attack (Help Net Security) It’s a well-documented fact that an organization may be under attack and not even know it, with malware spreading undetected across the network for days, weeks or even years

The Operational And Cyber Security Benefits Of An IT-Centric Access Control Solution (Business Solutions) Ever since security systems and related peripheral devices made the jump to IP, there has been a desire to combine the two functions to derive greater intelligence and value from them. This has driven not just a technology convergence, but also a departmental convergence

Multi-layered security approach battles Ransomware (AVG.Now) From Locky to SamSam, JIGSAW to CryptoLocker, today’s ransomware variants can take down businesses with dramatic consequences. Ransomware will prevent file access, web browsers, applications, and entire operating systems

The Balancing Act: Government Security In The Cloud (Dark Reading) The cloud offers great opportunities and challenges to public sector security teams defending critical systems against advanced threats. These 7 strategies will help you avoid a worst-case scenario

Love Affairs with the Cloud Obscure Many Security Risks (Information Management) The Cloud Security Alliance (CSA) recently released “The Treacherous 12: Cloud Computing Top Threats in 2016,” which provided a run-down on the greatest security threats that organizations face with cloud computing

Moving Toward a Framework for Resilient Cybersecurity: Evaluating the Threat Landscape (CTOVision) In this previous post on The Need for a Framework for Resilient Cybersecurity we highlighted that the increasing diversity and sophistication of today's IT environments is driving a need for organizations to implement a framework for resilient cybersecurity. In this post we will focus on one of the critical components of this framework: Threat Intelligence

Yes, You Should Always Update Your Software (Center for Democracy and Technology) We have all received those annoying interruptions to our work — yes, the dreaded “update your software” message. Updates can be cumbersome — they can force you to stop what you’re doing, restart your computer, or change the interface you were working in upon the restart. But as unfun as they might be, they are an essential part of strong digital hygiene and one of the most important steps you can take to protect and secure your personal devices

Design and Innovation

The Essential Link between Privacy and Security: Optimizing for Both (Lawfare) As we explore how best to use data analytics to provide value for important social functions like healthcare, education, transportation and law enforcement, many people believe that the use of the data will necessarily erode privacy. I believe not merely that we can preserve privacy, but that data analytics can particularly serve privacy interests when we use data to increase security

Cyber experts pick holes in claims of Bitcoin 'creator' (Times of India) Australian businessman Craig Wright's claim to be Satoshi Nakamoto, the anonymous inventor of cryptocurrency Bitcoin, has led to a raging debate challenging its veracity. Cryptocurrency users and experts in the field have pointed to several loopholes in the digital proofs he has offered

Seven Questions to Make Sense of Craig Wright's Signature Proofs (Bitcoin Magazine) The Australian computer scientist Craig Steven Wright is sending shock waves throughout the Bitcoin world, as he once again claims to be the man who invented Bitcoin

Research and Development

Quantum computers pose a huge threat to security (IDG via CSO) An upcoming competition will invite the public to propose and test 'quantum-resistant' encryption schemes

Chemical key unlocks cryptography (Statesman) For centuries, codes and concealment have been the means to exchange secret information. A code that was difficult to crack, however, was difficult to compose and also to read

DHS S&T Awards Raytheon BBN Technologies $1.3M For Data Privacy Research (Homeland Security Today) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded $1.3 million to a Raytheon subsidiary to develop technology to perform multiple online searches simultaneously in an effort to facilitate information sharing while preserving privacy


Northrop Grumman Hosts Second Annual Cyber Defense Competition at King Saud University (GlobeNewswire) CyberArabia participation doubles as program builds excitement among Saudi students for this critical, in-demand career field

Legislation, Policy, and Regulation

NSA to spy on its own staff off-the-clock: Official (PressTV) The US National Security Agency aims to keep a tab on its own staff and their personal computers when out of working hours to ensure they are not participating in illegal activities, including downloading child pornography, or leaking classified information

NSA to Spy On Own Employees Everywhere, All the Time © Flickr/ Dennis Skley (Sputnik) A National Security Agency official is seeking the ability to track employees on their personal computers, as well as at office workstations, to ensure they are not participating in illegal activities, including downloading child pornography, or leaking state secrets

US Army assesses cyber, electromagnetic spectrum’s role in the command post (DVIDS) The U.S. Army brought together operational forces and elements from the cyber, training and doctrine, research and development, and acquisition communities to further define how the Army operationally adapts to cyber and electromagnetic threats here April 18-29

Thales Partners With Netherlands’ Defense Forces to Open Cyber Training & Testing Facility (ExecutiveBiz) Thales and the Dutch armed forces’ defense cyber command formed an alliance to establish a new cyber training and testing facility

Litigation, Investigation, and Law Enforcement

Facebook CEO urges Brazilians to decry WhatsApp block (Reuters) Facebook Inc's (FB.O) Chief Executive Mark Zuckerberg called on Brazilians to demand his company's WhatsApp messaging service never be blocked again after an appeals court on Tuesday overturned the application's second suspension in five months

Navy sees increase in ‘sextortion’ cases; NCIS warns sailors about online behavior (New London Day) After a spike in reports of sexual extortion, or "sextortion," across the Navy, including at the Naval Submarine Base, the Naval Criminal Investigative Service is warning sailors not to engage in sexually explicit activities online

How the Kleptocrats’ $12 Trillion Heist Helps Keep Most of the World Impoverished (Daily Beast) An investigative economist has crunched 45 years of official statistics to discover just how much kleptocrats have plundered from 150 mostly poor nations

Noida cyber cell to launch on May 9 (Times of India) The cyber crime cell of Noida police is all set to begin operations on May 9 when Uttar Pradesh DGP Javeed Ahmad will inaugurate the hi-tech department, which has been set up at a cost of around Rs 1.25 crore

Wendy's Hit With Lawsuit Over Data Breach (Dark Reading) Fast-food chain accused of failing to protect customer credit card details

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

CEBIT (Sydney, New South Wales, Australia, May 2 - 4, 2016) With the Australian Federal Government officially announcing its national cyber security policy, ahead of CeBit Australia’s business technology event, CeBIT is ultra strong on cyber security, too. CeBIT’s...

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

National Oceanic Atmospheric Administration (NOAA) IT Security Conference (Silver Spring, Maryland, USA, May 4, 2016) The purpose of this event is to provide training and to educate NOAA and Department of Commerce personnel about various topics relating to Cyber Security. Attendance is open to NOAA and Department of Commerce...

SecureWorld Kansas City (Overland Park, Kansas, USA, May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May...

2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May...

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.