skip navigation

More signal. Less noise.

Daily briefing.

Business email compromise claims the Pomeroy Investment Corporation, which reported last month that a bogus email induced an employee to wire $495,000 to an offshore account. Investigation is in progress.

As Android becomes a harder target since withdrawing third-party-app access to getRunningTasks(), its accessibility services appear poised to become attackers’ preferred route. Exploitation would require user interaction, probably with adware-like attacks.

IBM warns that footprinting is back. Such pre-attack reconnaissance includes several techniques, including “network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.”

Recorded Future looks at proof-of-concept exploits and finds a surge in their production by black hats. They also note that Twitter seems to be replacing Pastebin as a favorite venue for sharing exploits.

FireEye and CyberArk both reported earnings late yesterday. FireEye posted a better than expected loss of $0.47 per share on $168.0 million in revenue. CyberArk reported $0.23 in earnings per share on $46.9 million in revenue. FireEye also saw an increase in security subscription services, which it sees as playing a greater role in its business. FireEye’s CEO DeWalt will fleet up to Executive Chairman, with Kevin Mandia moving in as the new CEO.

The Los Angeles Police Department succeeded in gaining access to a murder victim’s locked iPhone 5s, hitherto thought more resistant to cracking than the iPhone 5c used by the San Bernardino jihadist. Observers expect this to inform the crypto wars.

Craig Wright seems to have given up, albeit ambiguously, his claim to be Satoshi Nakamoto.

Notes.

Today's issue includes events affecting Australia, China, Iraq, Japan, Republic of Korea, Pakistan, Qatar, Russia, Syria, Taiwan, Turkey, United States.

World Password Day may be yesterday's holiday, but passwords remain an enduring source of fascination and vulnerability. Catch our short educational video here: Episode 1: The Stickynote Menace.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Level 3's Dale Drew, who'll discuss a DDoS tactic. We also have an exclusive interview with Recorded Future's Nicholas Espinoza on his company's just released report on proof-of-concept exploits. And, finally, we'll hear about cyber security policy and cyber innovation strategies in Australia from Data61's Adrian Turner. 

Cyber Security Summit (Dallas, Texas, USA, May 3, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Hundreds of Millions of Email Accounts Hacked and Traded Online, Says Expert (NBS News) Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters

Reuters: Security expert finds over 270M stolen credentials for sale (CIO Dive) The stolen cache included almost 57 million Mail.ru account and "tens of millions" of credentials for Google, Yahoo and Microsoft email users

Hacked password collection isn't as bad as it sounds (Wired) The trading of millions of email addresses from Google, Yahoo, and Microsoft accounts may not be as bad as it first sounds

Cyber Experts: Change Passwords After Massive Hack (NBC News) Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen user names and passwords being offered for sale on the Internet

New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks (Techworm) Security researchers from Forcepoint, a global leader in authorizing organisations to drive business forward through transformative security technologies, say that a new botnet has slowly grown and developed to hold over 19,000 zombies all over the world, but mainly in Asian countries

Jaku: Analysis of a Botnet Campaign (Forcepoint) JAKU is the name given to the investigation, surveillance and analysis, by the Forcepoint Special Investigations team, of an on-going botnet campaign

Crooks Go Deep With ‘Deep Insert’ Skimmers (KrebsOnSecurity) ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls “deep insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine

Android banking malware may start using adware tricks (Help Net Security) Android banking and credential-stealing malware with screen overlay capabilities is on the rise, but for it to be effective, it must detect when banking, email, social media apps are opened, identify them, and show the appropriate pop up intended to harvest sensitive data

Footprinting and Brute-Force Attacks Remain Prevalent (IBM Security Intelligence) Sophisticated cyberattacks grab the headlines these days. But with attention focused on advanced persistent threats and mutating malware, it’s easy to overlook older attacks that are still successful. To keep awareness up, the IBM X-Force threat research team has a new report on old favorites: “Beware of Older Cyber Attacks"

Ransomware continues to plague hospitals (Trend Micro: Simply Security) In February, the Hollywood Presbyterian Medical Center became victim to one of the most memorable cyber attacks to date

How did AVG Web TuneUp expose user data? (TechTarget) The AVG Web TuneUp browser extension, advertised as a way to control user privacy, exposed Chrome users' personal data. Expert Michael Cobb explains how this happened

QNB Confirms Leak, Downplays Damage (InfoRisk Today) Important information security questions remain unanswered

BEC Hack Scams Company Of $495,000 (Dark Reading) Fake mail sent to investment firm employee asking for transfer of funds

Charles Schwab data breach exposed client investment data (SC Magazine) Charles Schwab informed some of its customers on May 4 that the company had noticed unusual login activity on their account, possibly due to an unauthorized person having obtained their account username and password

Data breach at Guilford-area schools leads to identity thefts (Bangor Daily News) A data breach in School Administrative District 4 has resulted in at least five employees dealing with false income tax returns filed in their name, according to the Piscataquis County Sheriff’s Department

ISIS Cyberthreat: Puny but Gaining Power (TechNewsWorld) The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long

Hacking for ISIS: The Emergent Cyber Threat Landscape (Flashpoint) As the Islamic State (ISIS) has grown over the past two years, so too has its media machine, global support, and online channels. This unprecedented expansion has now come to include capabilities to inflict damage over the Internet, which came to light when its supporters began coordinating and organizing cyber attacks on Western targets. Highlighting this newfound desire to cause virtual harm was the brief 2014 takeover of Twitter accounts run by US CENTCOM and Newsweek

4 Reasons the War Against ISIS Is Working—and 1 Reason It’s Not (Time) The U.S.-led coalition has had increasing success in the war on ISIS, especially in Iraq and Syria—but the terror organization is regrouping in Libya

Al Qaeda Is About to Establish an Emirate in Northern Syria (Foregin Policy) After years on the back foot, the Nusra Front is laying the groundwork for al Qaeda’s first sovereign state

Security Patches, Mitigations, and Software Updates

Qualcomm patches widespread vulnerability, but most phones will remain at risk (CSO) OEMs got the fix in March, but that doesn't mean they pushed it to users

Cyber Trends

Prove It: The Rapid Rise of 12,000 Shared Proof-of-Concept Exploits (Recorded Future) Security researchers, threat actors, academics, and industry professionals all code proof-of-concept (POC) exploits

Miscreants tripled output of proof of concept exploits in 2015 (Register) Pastebin is for old hats. Cool black hats use Twitter now

For PoC exploits, go on Twitter (Help Net Security) Proof-of-Concept exploits are increasingly being shared and discussed online, threat intelligence firm Recorded Future has discovered

Proof-of-Concept Exploit Sharing Is On The Rise (Dark Reading) Research offers cyber defenders view of which POC exploits are being shared and distributed by threat actors

Antimalware software works, hackers still trying to exploit 6-year-old bugs (Ars Technica) Latest Microsoft security report confirms: There's a lot of malware out there

Cloud E-mail Security Market to Grow at 15.5% CAGR Driven by Adoption of Hybrid Solutions by Enterprises to 2020 (Newsmaker) According to the Cloud E-mail Security market report, a key driver for market growth is the rising number of instances of cloud service-specific attacks

Online Transaction Fraud To Hit $25.6 Billion By 2020 (Dark Reading) Juniper Research says cybercriminals will move to 'card not present' space with focus on ecommerce

What's Next For Network Security (Dark Reading) A 'vanishing' physical network perimeter in the age of mobile, cloud services, and the Internet of Things, is changing network security as well

The encryption challenge (GCN) IT managers know the movies get it wrong. A teenager with a laptop cannot crack multiple layers of encryption -- unless that laptop is connected to a supercomputer somewhere and the teenager can afford to wait a few billion years

Marketplace

Cyber insurance can be your worst nightmare, best friend (CSO) This new type of coverage has insurers, infosec pros scratching their heads

Better Buy: Palo Alto Networks Inc. vs. FireEye Inc. (Motley Fool) Which cybersecurity stock is a better fit for your portfolio?

FireEye vs. CyberArk: Who Won Earnings? (24/7 Wall Street) Both FireEye Inc. (NASDAQ: FEYE) and CyberArk Software Ltd. (NASDAQ: CYBR) reported first-quarter financial results after the markets closed on Thursday. 24/7 Wall Street took highlights from each of the earnings reports and put them side by side so we can see which cybersecurity firm had the better quarter

FireEye, Partners See Big Shift Toward Security Subscription Services In Q1 (CRN) FireEye saw a significant jump in demand for subscription-based security solutions in the first quarter of 2016 -- a trend company executives said Thursday would play an even greater part of its strategy going forward as it transitions CEOs

Tesserent Ltd to acquire cyber security specialist (Proactive Investors) Tesserent Ltd (ASX:TNT) will expand its position in the cyber security market, after signing an agreement to acquire the business of Blue Reef Pty Ltd, a provider of cyber security solutions for the education market

Contracting Groups Blast 'Flawed' Approach to $17.5B Pentagon Contract (Nextgov) Two industry groups who together represent a multitude of defense and IT contractors have taken issue with the Pentagon’s choice to source its $17.5 billion Encore III contract through the "lowest price, technically acceptable" selection process

CloudPassage Named "Most Innovative Cybersecurity Company" (MarketWired) Company honored in 2016 Cybersecurity Excellence Awards

Black Duck forms security advisory board, adds research and data-mining group (Software Development Times) Black Duck, the global leader in automated solutions for securing and managing open source software, today announced strategic initiatives to add security expertise and strengthen its research and innovation capabilities

Minerva Labs Bolsters Team With Seasoned Business and Tech Leaders (Press Release Rocket) Minerva brings in experienced industry leaders Lenny Zeltser and Steve Dickson as Advisory Board Members

Q. What's orange and white, has a new CEO but is red all over? A. Teradata (Register) Victor Lund sweeps in as new old broom

FireEye Strengthens Leadership Team, Positioning Company for Future Growth (MarketWired) David DeWalt becomes Executive Chairman, Kevin Mandia appointed CEO

Products, Services, and Solutions

VASCO Extends Biometrics Authentication Capability with DIGIPASS for Apps Face Recognition (PRNewswire) Facial recognition and fingerprint biometrics supplement a comprehensive library of mobile application protection solutions

Technologies, Techniques, and Standards

7 Password Experts on How to Lock Down Your Online Security (Wired) As far as made-up holidays go, “World Password Day” doesn’t quite have the same cachet as, say, Father’s Day, or even National Pancake Day (March 8th). Still, it’s as good an excuse as any to fix your bad passwords. Or better yet, to finally realize that the password you thought was good still needs some work

Forget about passwords: You need a passphrase! (We Live Security) 123456. password. 12345678. qwerty. 12345. All of the above, so easy to remember, so quick to type, so conveniently effortless to manage, represent five of the most common passwords used … today

World Password Day: Five ways to upgrade your password (IT Pro Portal) World Password Day is apparently a day for “taking our passwords to the next level”, so here are five traditions the crooks and password crackers really, really don’t want us to start

Before fighting a cyber attack, you have to find it first - How to tell if a data breach has hit your business (CBR) Analysis: Could your business be the next Sony, TalkTalk or Ashley Madison?

5 Questions SMBs Should Ask About Cloud Security (Dark Reading) Most small companies need help. Start by asking the right questions

How To Avoid Being A Cyber-Crime Victim (Convenience Store Decisions) “Most companies have some vulnerability and it doesn’t take a sophisticated attack to cause a security breach,” warns the CEO of SnoopWall

The Art of Hiding Cellphone, Laptop Cameras From Hackers and Government (Hack Read) With new and modern technology comes great responsibility for us as users to continue taking care and worrying about our privacy

Lessons Learned Drive DCGS-A Forward (SIGNAL) Army officials directly address criticisms of the service’s field intelligence system as it evolves

Design and Innovation

Craig Wright Ends His Attempt to Prove He Created Bitcoin: ‘I’m Sorry’ (WIred) Earlier this week, Australian Craig Wright offered what he called proof that he was Satoshi Nakamoto, the creator of the cryptocurrency Bitcoin, months after we had identified him as a possible candidate

Craig Wright Says Sorry, He Can't Offer Proof He's Bitcoin Creator Satoshi (Forbes) Either Craig Wright’s website has been hacked or he has issued a stunning apology that he can no longer offer proof he is the creator of cryptocurrency Bitcoin, the almost-mythical Satoshi Nakamoto

I’m Sorry (Dr. Craig Wright) I believed that I could do this. I believed that I could put the years of anonymity and hiding behind me. But, as the events of this week unfolded and I prepared to publish the proof of access to the earliest keys, I broke. I do not have the courage. I cannot

Can a Cybersecurity App Help Engage the Board? (InfoRisk Today) Looking for ways to get senior managers, board members more involved

Research and Development

How a Bunch of Supercomputers in the Desert Are Keeping You Safe (PC Magazine) PCMag met up with two supercomputing and quantum cryptography experts at Los Alamos National Laboratory's Strategic Computing Complex to see what keeps them busy at the secretive compound

Academia

Northrop Grumman Announces Winners of UK's CyberCenturion Competition to Find Cyber Security Talent of the Future (Globe Newswire) Company congratulates 2016 CyberCenturion Winners and highlights the global need for increased STEM and cyber education

Legislation, Policy, and Regulation

Can Pakistan's New Cybersecurity Law Help Combat Cybercrime? (InfoRisk Today) Still a Long Way to Go to Ensure a Cybersecure Ecosystem

Cyber operations come out of the shadows (Defense Systems) Cyber operations, which have long been conducted in the background, have been gaining more prominence. With high-profile intrusions into U.S. systems – the Office of Personnel Management and the email system for the Joint Chiefs of Staff, to name a couple – cyber conflict, capability and awareness has been brought to the attention of the public

NSA reveals hundreds of bugs a year, says former official (San Francisco Chronicle) A retired technical director for the National Security Agency, Richard George, says that the NSA regularly disclosed more than a thousand software and hardware bugs a year to companies

Presidential candidates asked to support encryption, embrace other IT issues (IDG via CSO) Candidates should talk more about cybersecurity and other tech issues, trade groups say

As nominee, Trump would get classified intelligence briefings (USA TODAY) Donald Trump's all-but-certain nomination as the Republican candidate for president has prompted questions about what kinds of intelligence briefings presidential candidates should have access to

Dem senator: Trump would leak classified information (THe Hill) Sen. Chris Murphy (D-Conn.) is raising concerns about giving Donald Trump access to classified intelligence, saying the GOP's presumptive presidential nominee would leak information

Spies Worry Candidate Trump Will Spill Secrets (Daily Beast) Take a conspiracy-minded, shoot-from-the-hip GOP candidate. Add classified briefings. Watch current and former intelligence officials squirm

Litigation, Investigation, and Law Enforcement

LAPD hacks iPhone 5s, proves they don't need Apple backdoor (TechRepublic) The LAPD recently hacked into an iPhone 5s involved in a very public murder trial. This news could prove a potential roadblock for backdoor legislation

So … Now the Government Wants to Hack Cybercrime Victims (Wired) Three new changes in federal court rules have vastly expanded law enforcement’s ability to hack into computers around the world

Top aide to Hillary Clinton questioned by FBI in email server investigation (Los Angeles Times) Huma Abedin, a close aide to Democratic presidential front-runner Hillary Clinton, was questioned last month by FBI agents investigating whether classified material was mishandled on the private email server used by the former secretary of State and her aides, according to a person familiar with the investigation

Officials: Scant evidence that Clinton had malicious intent in handling of emails (Washington Post) Prosecutors and FBI agents investigating Hillary Clinton’s use of a personal email server have so far found scant evidence that the leading Democratic presidential candidate intended to break classification rules, though they are still probing the case aggressively with an eye on interviewing Clinton herself, according to U.S. officials familiar with the matter

'Guccifer' Says He Hacked Hillary Clinton's Email and 'It Was Easy' (Fortune) Marcel Lazar, a Romanian man who has been accused of targeting politicians and their aides and goes by the name “Guccifer,” claims to have hacked Democratic Presidential candidate Hillary Clinton’s email server

After Hacking Bush, Guccifer admits Hacking Hillary Clinton’s Private Email Server (Hack Read) Marcel Lehel Lazar, infamously known as Guccifer, has admitted to hacking private email server of Democratic presidential hopeful and former First Lady of America Hillary Clinton back in 2013

NSA Silent on Spies’ Child Porn Problem (Daily Beast) The government’s cyber spying outfit has an ‘unbelievable’ child porn problem. But the NSA can’t—or won’t—say how often it finds such criminal images on its workers’ computers

Navy: Accused Spy Edward Lin Gave Secret Information to FBI Informant (USNI) The evidence against a U.S. Navy officer accused of passing classified information to foreign agents was the result – in part — of a government sting involving a Mandarin speaking FBI informant, according to an audio recording of an April 8 Article 32 hearing played for reporters on Thursday

Sailor charged with espionage contests his confession (Virginian-Pilot) A Taiwanese-born sailor charged with espionage admitted to the crime after he was arrested at Honolulu’s airport and was interrogated by Naval Criminal Investigative Service agents, but his attorney says the statement shouldn’t be admissible at a trial, according to evidence presented at a preliminary hearing at Norfolk Naval Station last month

On Wendy’s Class Action: The Beef’s in the Details (Digital Guardian) The fast food chain is the latest to face a class action lawsuit on behalf of customers whose credit card data was stolen following a data breach

Long Island University Student Arrested in Federal Child Porn Case (ABC 7) A young man was arrested Thursday morning on a Long Island college campus, accused of trolling Internet gaming sites popular with boys, in a case experts say represents a cautionary tale for parents

No one organizes any crime on Slack, apparently (TechCrunch) Slack released its second annual transparency report today, revealing that it has received a grand total of one government request for user data. Just one

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Security West 2016 (San Diego, California, USA, May 1 - 6, 2016) With cyber-attacks and data breaches on the rise, attacks becoming more frequent, sophisticated and costlier, the gap in the ability to defend has become wider and more time sensitive. Now is the perfect ...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.