skip navigation

More signal. Less noise.

Daily briefing.

The Panama Papers are expected to be released later today in the form of a searchable online database. Personal information thought potentially valuable to criminals, or unduly injurious to individuals’ privacy, will be redacted or otherwise rendered accessible, the ICIJ says. Canadians and New Zealanders are among the groups expected to suffer some degree of exposure.

OpIcarus continues to work its disruptive way into more banking sites, still poking around Mare Nostrum, but extending its reach to banks in Panama, Kenya, and the Bailiwick of Guernsey.

The hackers responsible for a breach at Qatar National Bank (thought to be members of a Turkish group, but the identification remains obscure) appear to have hit the UAE’s InvestBank with publication of similar information.

India accuses Pakistan’s ISI of trolling the Indian military with spyware-bearing gaming and music apps.

The US command responsible for doing things to ISIS has gone coy about cyber operations. The public spokesman for Operation Inherent Resolve is on Reddit, riffing on Fight Club’s rules. That the information operations battle will be a tough one for anti-ISIS forces is suggested by, first, widespread suspicion among Iraqis that ISIS is really a wheels-within-wheels American cat’s paw, and, second, ISIS’s angry engagement with Islamic theologians (in which disputes Ibn Rushd would have recognized resurface).

Cyber security stocks were clobbered in the market late last week, as investors found reports from bellwethers FireEye, Imperva, and CyberArk disappointing.

Twitter tells Dataminr to stop providing its social media feeds to the US Intelligence Community.

Notes.

Today's issue includes events affecting Australia, Bosnia and Herzegovina, Brazil, Canada, China, France, Bailiwick of Guernsey, India, Iraq, Ireland, Israel, Kenya, Kyrgyzstan, Maldives, Netherlands, New Zealand, Pakistan, Panama, Qatar, Russia, Syria, Tajikistan, Turkey, United Arab Emirates, United Kingdom, United Nations, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Ben Yelin of the University of Maryland's Center for Health and Homeland Security reviews the ways in which law struggles to keep pace with technology's advance.

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Panama Papers Source Offers Documents To Governments, Hints At More To Come (ICIJ) Source known only as John Doe says income inequality "one of the defining issues of our time" and calls on governments to address it

Names in Panama Papers leak to go online for public today (Chcago Tribune) The names of more than 200,000 offshore companies found in the Panama Papers leak are being made accessible to the public Monday through a searchable database

Panama Papers reveal middlemen between Canada and offshore secrets (CBC) Leaked data shows top Canadian offshore operators include Alberta fraudster, former B.C. lawyer

Panama Papers report alleges NZ prime place for rich to hide money (Reuters) Wealthy Latin Americans are using secretive, tax-free New Zealand shelf companies and trusts to help channel funds around the world, according to a report on Monday based on leaks of the so-called Panama Papers

ICIJ's release of the Panama Papers won't include personal data, emails, bank records (Sydney Morning Herald) The biggest release of more than 200,000 secret offshore entities that are part of the Panama Papers investigation will be unveiled on Tuesday

OpIcarus Finds More Targets as Banks in Panama, Bosnia and Kenya Go Offline (Hack Read) It’s been over a week since Anonymous and Ghost Squad began conducting cyber attacks on banking websites worldwide. It’s the weekend now but the hacktivists aren’t taking a break; while you were sleeping they conducted distributed denial-of-service DDoS attacks on the websites of four International banks including the central bank of Kenya, National Bank of Panama, Central Bank of Bosnia and Herzegovina and Maldives Monetary Authority

OpIcarus continues as hacktivists shut down 3 more banking websites (Hack Read) Though they have their difference, when it comes to OpIcarus it seems the Anonymous hacktivists andGhost Squad group have found mutual interests

UAE InvestBank Hack: Leaked Data showing passport and Credit Card Detail (Hack Read) A data file that shows and holds sensitive financial data has been published. The data, 10GB in size, was published online and seems to have been taken from a bank that is in the United Arab Emirates. The Zip file for first analysis shows that the financial information is from tens of thousands of customers with the InvestBank, which is based in Sharjah

India Blames ISI for Spying on Military Through Gaming and Music Apps (Hack Read) Pakistan’s intelligence agency is popular all over the world for its novel tactics and amazing abilities to stay updated about security concerns. After all, it wasn’t declared one of the world’s best intelligence agencies in 2015 for nothing

Muslim Leaders Wage Theological Battle, Stoking ISIS’ Anger (New York Times) As the military and political battle against the Islamic State escalates, Muslim imams and scholars in the West are fighting on another front — through theology

US struggles to convince Iraqis it doesn't support IS (AP) For nearly two years, U.S. airstrikes, military advisers and weapons shipments have helped Iraqi forces roll back the Islamic State group. The U.S.-led coalition has carried out more than 5,000 airstrikes against IS targets in Iraq at a total cost of $7 billion since August 2014, including operations in Syria. On Tuesday a U.S. Navy SEAL was the third serviceman to die fighting IS in Iraq. But many Iraqis still aren't convinced the Americans are on their side

Cyber in Operation Inherent Resolve? Think ‘Fight Club.’ (C4ISR & Networks) The fight against the Islamic State group, known alternately as ISIS, ISIL and Daesh, involves numerous approaches, facets, partners, tools and weapons. But if any of those involve cyber, the top spokesman for the operation isn’t saying so

Fighting the Islamic State (Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS

Islamic State's Recruitment Strategy (Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS and its recruitment strategy

Did China Just Steal $360 Billion From America? (Forbes) “The FBI has obtained information regarding multiple malicious cyber actor groups that have compromised sensitive business information from U.S. commercial and government networks through cyber espionage,” warned the law enforcement agency on the 2nd of this month. At about the same time, the Department of Homeland Security and the Defense Security Service of the Department of Defense issued similar alerts

Russia’s Mail.ru denies mass password breach; researcher stands by findings (Indian Express) Russia's Mail.ru denies tens of millions of users were at risk after researchers found its data circulating among cyber criminals

Garbage in, garbage out: Why Ars ignored this week’s massive password breach (Ars Technica) When a script kiddie sells 272 million accounts for $1, be very, very skeptical

The Giant Email Hack That Wasn't (Fortune) And most of the data in question was “bogus"

40 million User Data from Adult Social Network Emerges on Dark Net (Hack Read) Fling.com (NSFW), an adult social network has apparently been hacked and as a result login credentials of 40,769,652 registered users have been stolen and available for sale on the Dark Web by a hacker calling himself by a vicious hacker known as “Peace of mind"

Rio Olympics Likely a Magnet for Cybercriminals (Wall Street Journal) As cybercriminals gear up for action ahead of the summer Olympic and Paralympic Games, host country Brazil and the Rio Games’ global sponsors are bracing for countless virtual showdowns

Six-year-old patched Stuxnet hole still the web's biggest killer (Register) Crusty bait makes for great phishing

Will a visit to The Pirate Bay end in malware? (Naked Security) Back in the early days of computer viruses, in the late 1980s and early 1990s, advice on how to avoid infection often started like this: Don't pirate stuff

According to Chrome, Safari and FireFox ThePirateBay is a Phishing Site (Hack Read) It was a “dark day” for all the Torrent lovers worldwide after The Pirate Bay was shunned by Google’s Chrome, Apple’s Safari and Mozilla’s Firefox browsers yesterday

Ransomware is now the biggest cybersecurity threat (ZDNet) Simple attacks plus user willingness to pay ransoms to get their files back means ransomware is on the rise, warn Kaspersky researchers

New ransomware modifications increase 14% (Help Net Security) Kaspersky Lab detected 2,896 new ransomware modifications during the first quarter, which is an increase of 14 percent on the previous quarter. In addition, the number of attempted ransomware attacks increased by 30 percent

Critical Vulnerability Discovered in 2011 Qualcomm Code (Android Headlines) There is a critical security vulnerability present in some Android devices based around a piece of Qualcomm code that has existed from at least 2011 and now referred to as CVE-2016-2060

Five-Year Old Bug Lets Attackers View SMS And Call History On Qualcomm Android Devices (Lifehacker) Millions of Android devices using Qualcomm technology are vulnerable to a critical security flaw that dates back to 2011

Hotel malware caught checking in (Enterprise Times) Less than a week after warning that hotels were being constantly targeted by hackers, Panda Security managed to catch an attack in the act. The attack came in the form of a phishing email to an employee at an unnamed hotel and was, according to a Panda Security press release, captured by its Adaptive Defence 360 security software

Power networks on high alert amid cyber threats (Sydney Morning Herald) Electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid to attack

Google suffers data breach via benefits provider (CSO) Data breaches are always a horrible thing when you are on the side that has been tasked with defending the realm from invaders

Crooks Grab W-2s from Credit Bureau Equifax (KrebsOnSecurity) Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday

Walmart confirms police report, says card readers compromised in Virginia (CSO) Detectives suspect crooks used overlay skimmers, which can be installed in seconds

Security Patches, Mitigations, and Software Updates

Lenovo patches serious flaw in pre-installed support tool (CSO) The flaw could allow attackers to gain higher privileges on compromised computers

GitLab repairs critical flaw that lets users log in as admins (CSO) The fixes are available for all supported versions of GitLab Community Edition and GitLab Enterprise Edition

Verizon Galaxy S7 and S7 edge getting updates with latest security patches and more (Phonedog) Just two days after T-Mobile’s Galaxy S7 and Galaxy S7 edge got software updates, Verizon has started pushing updates to its own versions of the GS7 and GS7 edge

Cyber Trends

The impending death of the traditional Intranet (CSO) In medieval times castles were typically protected by a moat or something akin to it like an open ditch

CIO alert: Information technology is a $4 trillion global business (ZDNet) Research describes the size, direction, and growth of the IT market. For CIOs and other IT professionals, understanding these dynamics can help with planning company strategy and making wise personal career choices

Security the key to software-defined datacentre takeup (Cloud Pro) 94 per cent of executives think security is more important than cost savings

How Microsoft keeps the bad guys out of Azure (Network World) Microsoft releases its latest security report, includes information about its cloud services for the first time

Microsoft's latest security report finds that vulnerability disclosures are on the up (Inquirer) Well, it should know

Incoming FireEye CEO: Scale of Security Breaches Smaller (Bloomberg West) Kevin Mandia, incoming FireEye chief executive officer, discusses security breaches with Bloomberg's Ramy Inocencio on "Bloomberg West"

Internet of Fail: How modern devices expose our lives (Help Net Security) Should you sync your family’s calendar to your refrigerator or have it display photos? Samsung believes you should. They also think you need cameras that display the food inside, to help during shopping. Sure, these features can make life easier, but how would you feel about someone accessing this information? What could a stranger do if he knew you’re out of the house tomorrow night?

How small businesses approach risk mitigation and response (Help Net Security) CSID released the findings of a survey recently conducted for small businesses (under 10 employees) to determine sentiment and concerns from small business owners around cyber security and how this population is approaching risk mitigation and response

Don't Just Click, It Could be a Trick (Slam the Online Scam) According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year

UK.biz is still clueless at fending off malware attacks, says survey (Register) Security is a custom ‘more honoured in the breach’

Majority of Scots fear cyber attack while firms are more complacent (National) More than 80 per cent of Scottish consumers worry about which businesses have access to their data and whether their details are protected, research has revealed

50 Percent of North American Companies Believe They're More Secure Than a Year Ago (eSecurity Planet) Just 12 percent think they're less secure, a recent survey found

Marketplace

Software security suffers as upstarts lose access to virus data (Reuters via Yahoo! Tech) A number of young technology security companies are losing access to the largest collection of industry analysis of computer viruses, a setback industry experts say will increase exposure to hackers

Cyber investing recap for CISOs (CSO) Best of show nods for the inaugural Cyber Investing Summit

Cybersecurity stocks sell off after FireEye, Imperva, and CyberArk report (Seeking Alpha) Palo Alto Networks (PANW -3.7%), Proofpoint (PFPT -3.6%), Rapid7 (RPD -2.1%), Identiv (INVE -7.5%), and Vasco (VDSI -3.1%) are selling off after security tech peers FireEye (down 18.8%), Imperva (down 25.2%), and CyberArk (up 1.5%) delivered their Q1 reports.FireEye, likely the biggest culprit behind the selloff, posted mixed Q1 results (sales missed, EPS beat), offered light Q2 and full-year revenue guidance (full-year billings guidance was affirmed), and announced (as part of a larger management shakeup) Kevin Mandia is replacing Dave DeWalt as CEO

Cyber Insecurity Hits FireEye and Imperva as Their Stocks Get Crushed (TheStreet) Cyber security shops FireEye (FEYE - Get Report) and Imperva (IMPV - Get Report) are being rocked on Friday trading, following their first-quarter earnings reports

FEYE Stock: FireEye Inc Tumbles, But It’s Not Beat (Investor Place) FEYE stock plunges on a bad quarter and the abrupt departure of the CEO, but there are upsides to this cybersecurity firm

Mandia Replaces DeWalt as FireEye CEO (Infosecurity Magazine) FireEye has announced that CEO David DeWalt is to step down as CEO, to be replaced by Kevin Mandia

FireEye Announces New CEO, Stock Plummets, Reasons For Optimism (Forbes) FireEye, Inc. — one of the world’s largest pure-play cybersecurity firms — announced a new CEO yesterday

Ouch! Why Imperva Inc. Stock Plummeted (Motley Fool) The market doesn't seem to like the cyber-security company's guidance. Here's what investors should know

Cyberark Software Ltd (CYBR) Stock Plummets After Q1 Earnings Call (Bidness Etc.) Cyberark Software Ltd (CYBR) Stock Plummets After Q1 Earnings Call

Inside Palantir, Silicon Valley’s Most Secretive Company (BuzzFeed) A cache of internal documents shows that despite growing revenue, Palantir has lost top-tier clients, is struggling to stem staff departures, and isn’t collecting most of the money it touts in high-value deals

Webroot leads cyber security market as demand continues to grow (Security Brief NZ) Webroot appears to be moving from strength to strength, experiencing significant revenue growth this year thanks to an increasing demand for cyber security solutions and a few key customer wins

TalkTalk to dial up sales despite cyber attack (Telegraph) Budget broadband provider TalkTalk is hoping to hang up on the effects of last year’s cyber-attack when unveils its annual results this week

Duo Security bolsters region's technology profile (Detroit Free Press) Dug Song first met his future business partner, Jon Oberheide, when the latter hacked into the computer system at a firm where Song was working at the time

Michael Dell announces Dell Technologies (Indian Panorama) Michael Dell revealed the new names, and yes we are talking multiple names, for the artist formerly known as the Dell-EMC deal toda

Altamira expands intelligence business with acquisition (Washington Technology) Altamira Technologies Corp. is building out its intelligence business with the acquisition of Prime Solutions LLC, a Columbia, Md., company that specializes in cyber operations

CyberPoint spins out IoT security company (Technical.ly Baltimore) AKUA will initially focus on security for the data-collecting sensors used by logistics managers

Leidos CEO Roger Krone confirms that company does 'offensive cyber' for feds (Washington Business Journal) At a time when industry is reluctant to acknowledge its role in the Pentagon’s cyber warfare operations, Leidos Holdings Inc. (NYSE: LDOS) CEO Roger Krone confirmed Thursday at an investor conference his company plays in the offensive cyber market

Kyrgyzstan state bodies invite Kaspersky licence bids (Telecompaper) The Kyrgyzstan Ministry of the Economy has announced a tender on the acquisition of an anti-virus system, reports Tazabek. The size of deal totals KGS 480,000

Hewlett Packard Enterprise Co (NYSE:HPE) identifies a role to play in the world of automated cars (Invest Correctly) Hewlett Packard Enterprise Co (NYSE:HPE) has identified a number of opportunities in the automated vehicle industry and it is going for them. The company is in the process of creating an automated vehicle ecosystem. HPE wants to take the data generated by automated cars and turn it into something more useful for drivers and other industry players

Veering Off Topic With CloudLock CEO Gil Zimmermann (Xconomy) Next up in my series of meandering conversations with tech leaders: CloudLock CEO Gil Zimmermann. Zimmermann co-founded the cloud security software company in 2007 as Aprigo and shifted it to its current name and product focus in 2011. The firm, based in Waltham, MA, has raised some $35 million from investors, and its products are now being used by more than 6 million employees of large enterprise companies, according to CloudLock’s website

iovation CEO Greg Pierson Named Entrepreneur of the Year Finalist (MarketWired) Ernst & Young Recognizes Pierson for Driving Growth, Innovation and Community Involvement

CSRA Alliance for Fort Gordon gets new director (Augusta Chronicle) The CSRA Alliance for Fort Gordon, the region’s military advocacy organization, announced Friday that retiring Executive Director Thom Tuckey will be replaced by a 32-year Army veteran whose last assignment was serving as senior enlisted adviser to Fort Gordon’s commanding general

Products, Services, and Solutions

Inmarsat plans to launch cyber security app (Marine Electronics & Communications) Inmarsat is planning to launch a cyber security service as the first application on its new Fleet Xpress satellite communications solution for shipping. The London-based company has been working with Singapore Telecommunications (Singtel) to develop a specialised application for reducing the risk of cyber attacks on ships

How to change your passwords automatically with Dashlane and LastPass (PC World) It's a pain to change your passwords manually. These two password managers make it easier by doing it for you

Microsoft-Centric Innovators Gridstore and 5nine Software Showcase Advanced Security With HyperConverged Infrastructure (Marketwired) Gridstore®, the leader in hyper-converged all flash infrastructure for the Microsoft Cloud-Inspired Datacenter and 5nine Software, the leading global Hyper-V virtualization security and management provider, today announced they will be presenting their recently launched integrated solution that delivers advanced security for hyperconverged infrastructure at the upcoming Microsoft Cloud and Hosting Summit, May 10-12 at the Hyatt Regency in Bellevue, Washington

FedRAMP Authorization Given to Dell Services Federal Government’s Cloud (Washington Executive) On April 22nd Dell Services Federal Government’s (DSFG) cloud offering received the Federal Risk and Authorization Management Program (FedRAMP) authorization which means that Dell Cloud for U.S. Government (DSG), DSFG’s multi-tenant cloud platform has met the security standards and requirements of the Federal Information Security Management ACT (FISMA)

Blackberry Priv - Not a phone for the aam admi (DNA India) A high price tag and lack of features for the average consumer make the phone suitable only for enterprises

ZENEDGE Open Sources Linux Kernel Extension for Cybersecurity (PRWeb) ZENEDGE, a leading provider of cloud-based, Artificial Intelligence (AI) driven cybersecurity solutions, announced today that the Company is contributing a Linux kernel extension called Zentables-­addons to open source​, developed to increase the capacity to block IP addresses behind an HTTP load balancer, such as HA Proxy or ​Amazon ELB​

Alliance Key Manager Now Supports Encryption Key Management for MongoDB Enterprise Advanced - Key Management without Application Changes (Benzinga) Townsend Security's Alliance Key Manager for MongoDB offers unparalleled security, flexibility and affordability for all users of MongoDB Enterprise Advanced

Technologies, Techniques, and Standards

PCI DSS 3.2: Making the Move to MFA (Dark Reading) PCI DSS has always required that any untrusted, remote access into the cardholder data environment use multi-factor authentication. Now version 3.2 takes it one step further

Is “Next Gen” patternless security really patternless? What the changes to VirusTotal’s Terms of Service Really Mean (Trend Micro: Simply Security) Trend Micro is a long-time supporter of VirusTotal. We support VirusTotal because we believe that keeping people around the world safe on the Internet requires partnerships

TalkTalk head of security: What we learned from the cyber attack (Computer Business Review) C-level briefing: Charles Bligh says there is "always a silver lining" to being hacked

Virtual environments make it easy to deploy deception technology (Network World) Attackers use deception to invade your network. Turn the tables and deceive them so the attack gets trapped and stopped

Banks work around the clock to thwart cyber crooks (Las Cruces Sun-News) The Department of Homeland Security in 2004 deemed October as National Cyber Security Awareness Month — a time to raise public consciousness about the ever-more-sophisticated ways in which criminals are trying to steal from working people, businesses and the financial institutions in which they put their money for safekeeping

Retailers must upgrade authentication, encryption and pen testing (CSO) The PCI Security Standards Council now requires better authentication, encryption and penetration testing

Changing Your Password Too Often Exposes You to Hackers (Biz Tech Mojo) Security experts often advise computer users to update their passwords periodically to stay safe from hackers but surprisingly, a Britain's security service claims that your online data is even safer if you avoid changing your password routinely

A look inside the Department of Homeland Security's cyberhub (Verge) The building where the Department of Homeland Security tracks every cyber attack against the US is surprisingly bland

Network visibility remains the key to safe digital transformation, says Cisco (ComputerWeekly) Accessing analytics to deal with incidents is the future of information security, according to Terry Greer-King

Design and Innovation

Prep for next-gen encryption should start yesterday (GCN) The National Institute of Standards and Technology is getting nervous about quantum computers and what they might mean for the cryptographic systems that protect both public and private data. Once seen as far off -- if not borderline science fiction -- quantum computing now seems a much closer reality

Research and Development

IARPA funding brings ideas ‘from disbelief to doubt’ (Federal Times) The Intelligence Advanced Research Projects Activity has opened up its annual broad agency announcement calling for submissions of the most bleeding-edge technologies and ideas the private sector has to offer

Academia

NSA recognizes Embry Riddle as a top school for cyber defense (Orlando Sentinel) The National Security Agency and the Department of Homeland Security have recognized Embry-Riddle Aeronautical University’s Daytona Beach Campus as a top school nationally for cyber defense education

EOU math students solve cryptography challenge (My Eastern Oregon) Eastern Oregon University math majors had the opportunity to test their cryptanalysis skills – deciphering coded messages, that is – for a competition this spring

Legislation, Policy, and Regulation

Microsoft to speak about ‘Digital Terror’ at Security Council Meet (Go Android Apps) Microsoft to speak about ‘Digital Terror’ at Security Council Meet: From the UN Security Council Microsoft has accepted the invitation to address a special debate next week on the counter- terrorism and confronting the ‘digital terror’, UN diplomats said

France beefs up defences against corporate espionage (Financial Times) France is boosting its fight against corporate espionage after belatedly realising that some of its largest trading partners have been extensively spying on its companies, according to the country’s corporate intelligence chief

Ireland: Survey of Recent Developments in National Cyber Security Sphere (Lexology) In this article, we consider recent policy and strategy level developments in the cyber security sphere in Ireland

Obama's Cyberdoctrine (Foreign Affairs) As the administration of U.S. President Barack Obama begins to wind down, much of Washington’s national security community is working to deliver the next president with fresh ideas on cybersecurity. No matter what these groups recommend, the next president would do well to recognize that the Obama administration has found what is likely the only workable strategy: making it a private sector responsibility

Situational Awareness Will Inform Risk Management Decision Making (SIGNAL) Cyber information sharing can emerge from existing private sector organizations

Hacking the Hackers: Should Private Companies Strike Back? (SIGNAL) Intelligence officials debate the ethics of cyber vigilantes

The Pentagon’s Intel Chief Already Has Some Advice for the Next US President (Defense One) 'The integration of intelligence of the past 15 years is a journey that is not finished,' said Marcel Lettre, undersecretary of Defense for intelligence

State's school for cyber (FCW) Training State Department Foreign Service officers on cybersecurity is expensive, time consuming, and a logistical headache. But the department's top cyber official says that it's a critical investment in overseas work

Litigation, Investigation, and Law Enforcement

Twitter Bars Intelligence Agencies From Using Analytics Service (Wall Street Journal) Social media firm cuts access to Dataminr, a service used to identify unfolding terror attacks, political unrest

Hacker Lexicon: Stingrays, the Spy Tool the Government Tried, and Failed, to Hide (Wired) Stingrays, a secretive law enforcement surveillance tool, are one of the most controversial technologies in the government’s spy kit. But prosecutors and law enforcement agencies around the country have exerted such great effort to deceive courts and the public about stingrays that learning how and when the technology is used is difficult

DOJ: Wyden misunderstanding law in fight over secret cyber memo (The Hill) The Justice Department and Sen. Ron Wyden (D-Ore.) are squaring off in an increasingly bitter legal battle over a 13-year-old legal opinion

She Spoke Up About Cooked ISIS Intel. They Booted Her—for Cursing. (Daily Beast) An employee at CENTCOM’s Joint Intelligence office says she was reassigned, supposedly for cursing at work, after speaking out about cherry-picked ISIS war intel

Trial opens Monday for three Twin Cities ISIL suspects (Minneapolis Star-Tribune) The results of a yearslong investigation will be closely watched for clues on how potential homegrown terrorists can be detected

Tajikistan Detains Four Alleged Islamic State Supporters (Radio Free Europe/Radio Liberty) Tajik authorities say they have detained four suspected supporters of the Islamic State (IS) extremist group who were allegedly planning to carry out terrorist attacks in the country during the celebrations marking Victory Day on May 9

Spearphishing attack nets hundreds of thousands from investment firm (SC Magazine) Spear-phishing attacks continue to make big profits for attackers and big losses for victims, according to a new Mimecast report

Ex-Army Contractor Sentenced for Lying on Security Form (Military.com) A former U.S. Army contractor has been sentenced for lying on his security clearance form and damaging Army computers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own...

Upcoming Events

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise...

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.