skip navigation

More signal. Less noise.

Daily briefing.

South Korean industrial conglomerate Hanjin Heavy Industries appears to have sustained a cyber attack (espionage was the apparent goal) on April 20. The RoK Defense Security Command has opened an investigation. North Korea is the prime suspect as usual and on form. CSO says it’s in touch with researchers who’ve seen signs of the DPRK-linked Lazarus Group’s resurrection.

Symantec notes that one of the bugs Microsoft patched yesterday, IE remote-code-execution vulnerability CVE-2016-0189, has been exploited in targeted espionage directed against South Korean targets.

Sophos publishes some interested research into the state of what Naked Security calls “the anti-anti-virus arms race.” They outline some of the techniques for fingerprinting specific victim devices malware developers are embedding in their code.

Microsoft issued sixteen patches yesterday (Threatpost calls the total “hefty”), eight of which Redmond rated critical. Those eight involved the aforementioned Internet Explorer, Edge, JScript and VBScript scripting engines in Windows, Office, Microsoft Graphics Component, Windows Journal, and Windows Shell.

Adobe also updated PDF Reader and Cold Fusion yesterday. The company also said it intends to issue another Flash Player update later this week.

In industry news, neither Pwnie Express nor Bayshore Networks appear to be suffering from a venture capital drought rumored to affect the cyber sector. Pwnie Express received $12.9 million in Series B funding from Ascent Venture Partners and others to fund the company’s push into IoT security markets. Bayshore’s $6.6 million in Series A funding (Trident Capital Cybersecurity) is also IoT-related, in this case to industrial security products. 


Today's issue includes events affecting Australia, Bahamas, Belgium, Brazil, Canada, China, European Union, Germany, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Panama, Turkey, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll talk with Dr. Vikram Sharma from Quintessense Labs on the pros and cons of quantum technology. (The pros include better random number generation for more secure cryptography. The cons include faster computers able more easily to break current encryption.)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

North Korea suspected of hacking South Korean defense contractor (CSO Online) On Tuesday, South Korean officials announced they're investigating a security incident at Hanjin Heavy Industries & Construction Co., one of the key contractors involved with building out the nation's naval fleet. North Korea is their top suspect, despite a lack of evidence.

​South Korea victim of Internet Explorer zero-day vulnerability (ZDNet) Research from Symantec has revealed that the Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability was used in targeted attacks in South Korea.

Internet Explorer zero-day exploit used in targeted attacks in South Korea (Symantec Security Response) Microsoft has patched an Internet Explorer zero-day vulnerability (CVE-2016-0189), which was exploited in targeted attacks in South Korea.

Microsoft and Adobe warn of separate zero-day vulnerabilities under attack (Ars Technica) Exploits exist for both bugs and allow for remote code execution.

Notes from SophosLabs: The anti-anti-virus arms race (Naked Security) The Gatak malware tries to keep track of where the world’s threat researchers are, and avoids playing ball if it thinks it’s in a sandbox.

Bucbi Ransomware Gets Makeover (The first stop for security news) Two-year-old Bucbi ransomware is making a comeback with new capabilities added, transforming the simple malware into Swiss Army Knife for cyber crime.

Exploits gone wild: Hackers target critical image-processing bug (Ars Technica) Vulnerability in ImageMagick allows attackers to execute malicious code.

Attackers are probing and exploiting the ImageTragick flaws (CSO Online) Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.

Article 29 Working Party still not happy with Windows 10 privacy controls (SC Media) The EU privacy watchdog has told Microsoft despite changes to the install screen, there is still no clear message of how Microsoft plans to process users' data.

Why GPS is more vulnerable than ever (The Christian Science Monitor) The space-based navigation and timing system faces a growing risk of attack. But there is a simple solution.

Cyberattack shuts down Killeen's website (The Killeen Daily Herald) Update: As of 8:30 a.m., the city of Killeen was still using a 2011-2012 cached version of their website while the city's maintenance teams work to restore the website to

Anonymous Hacktivist Group Now Gunning for Powerful Pedophile Networks (Sputnik News) Hackers collective declares vigilante justice against the international "paedosadist industry."

Verizon says cable, phone lines cut in local town was sabotage (WFXT) Verizon phone and cable lines have been cut up and down the East Coast at the same time workers across the country are on strike.

Experts Comments on Data Breach at British Retailer Kiddicare (Information Security Buzz) British retailer Kiddicare has suffered a data breach in which the personal details of nearly 800,000 customers have been stolen. The company said that the data had been taken from a version of its website that had been set up for testing purposes at the end of 2015. Customers have reported suspicious text messages that …

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Push Critical Updates (KrebsOnSecurity) Adobe has issued security updates to fix weaknesses in its PDF Reader and Cold Fusion products, while pointing to an update to be released later this week for its ubiquitous Flash Player browser plugin. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software

May 2016 Microsoft Patch Tuesday Security Bulletins (Threatpost) Microsoft's Patch Tuesday security bulletins include a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited.

May 2016 Patch Tuesday: IE zero-day patch tops the list (SearchSecurity) Microsoft's May 2016 Patch Tuesday targets an IE zero-day vulnerability as the top priority.

Dell Security Tackles ‘Everywhere’ Secure Access for Mobile Workforce (Integration Developer News) Dell Security is shipping an update to its SonicWALL Secure Mobile Access (SMA) operating system to provide remote workers using smartphones, tablets or laptop. Notably, the solution works with managed or unmanaged devices.

Microsoft says no more blocking Windows Store on Pro edition (Naked Security) You’re going to have to get the Enterprise or Education edition if you really want to block employees from downloading apps.

Cyber Trends

Business Apps Remain Corporate Security 'Blindspot' (Silicon UK) Popular business apps used across many enterprises are leaky and present security risks, warns Wandera, but it won't say which ones they are...

Why nation states threaten your cybersecurity (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice abut security careers and leadership.

We created cyber space – we need to protect it (iTWire) NATO’s Head of Cyber Security was very definite – “In the future Cyber threats will be considered a ‘conventional’ threat – just like terrorism, nucle...

Managing cyber risk top priority, but challenges remain (SecurityBrief New Zealand) Managing cyber risk is a top priority for businesses in the Asia Pacific region, yet vulnerability management strategies lag behind, according to new research from Tenable Network Security

Bromium invokes spirit of Turing as cyber attacks escalate (Business Weekly) Cambridge cyber security specialist Bromium has slammed the laissez faire approach of major businesses that is leaving their computer systems wide open to attack. CTO and co-founder Simon Crosby called for a radical change in attitude after the Government revealed that two-thirds of large UK businesses are being hit by cyber security attacks. Crosby said there was no


Putting a Digital Business Value on IT Security (Channel Insider) There's a long way to go in changing business execs' perception of security investments, yet solution providers should be pleased to see progress.

The role of cybersecurity insurance in the enterprise (SearchSecurity) Cybersecurity insurance is shaping up to be a major growth market. Here's a behind-the-scenes look at cyberinsurance.

Why Check Point Software Technologies Ltd. Stock Is Worth a Look (The Motley Fool) The data security provider doesn’t have the panache of its peers, but offers investors something the others can't: relative stability.

AurionPro sees impact of $100 million in value from Spikes Security acquisition (The Economic Times) With the deal, AurionPro has got access to "highly targeted and regulated industries such as banking, financial services, government and healthcare."

John McAfee Returns to Cybersecurity as CEO of John McAfee Global Technologies ( MGT Capital Investments has named John McAfee its new chairman and CEO and the company will be renamed John McAfee Global Technologies.

John McAfee’s first move as a new CEO is to rename the company after himself (TechCrunch) Some exciting news from the John McAfee camp today: America's favorite (and most entertaining) cybersecurity expert has a new gig! MGT Capital Investments, a publicly traded company that owns and operates social gaming apps, has announced the appointment of John McAfee as Executive Chairman and CEO…

Pwnie Express Raises $12.9M to Secure the Internet of Things (WSJ) As concerns grow about the security risks associated with the Internet of Things, investors are betting on companies like Pwnie Express Inc. that say they can mitigate them

Xconomy: Pwnie Express Rides Off With $12.9M to Hunt Rogue Devices (Xconomy) Warning: everything you thought you knew about corporate cybersecurity is about to change. That’s according to Paul Paget, the CEO of Pwnie Express, a

Pwnie Express Names Key Industry Veterans to Executive Team (Marketwire) Pwnie Express, the leading provider of device threat detection, today announced the appointment of Kasha Gauthier as CFO, Bo Thurmond as Vice President of Sales and Services, and Dimitri Vlachos as Vice President of Marketing. These appointments come on the heels of $12.9M...

Bayshore Networks Raises $6.6 Million From Trident Capital #Cybersecurity and Current Angel #Investors (Investor Ideas) Bayshore Networks, the cybersecurity leader for the Industrial Internet of Things (IoT), today announced that it has raised $6.6 million in Series A funding from Trident Capital Cybersecurity and its existing angel investors. Alberto Yépez, managing director of Trident Capital Cybersecurity, will join the company's board. Will Lin, vice president of Trident Capital Cybersecurity, will be a board observer

HP rolls out a new corporate venture unit (TechCrunch) There's a new corporate venture arm in town. Roughly six months after Hewlett-Packard finalized its division into two companies -- Hewlett Packard Enterprise, which focuses on servers, storage, networking, and security; and HP Inc., which continues to sell PCs and printers -- the latter is intro…

4 big and new cyber security consultancies to help business fight hackers - and 1 UK independent (Computer Business Review) List: BlackBerry, IBM, Dell, BT and BNSCyber feature on CBR's list.

Huawei Seeks to Partner Up with Korean Security Solution Providers (BusinessKorea) Huawei Technologies Co., a Chinese networking and telecommunications equipment and services company, is seeking to partner up with Korean information protection developers in order to push into Western markets.According to industry sources on May 10, Huawei is giving positive consideration to use Ko

This Popular Porn Site Just Debuted a Bug Bounty Program on Same Platform as the Pentagon (Fortune) Maximum bounty for hackers: $25,000. Pornhub, one of the world’s most popular pornography sites, unveiled a bug bounty program on Tuesday

CACI to provide electronic warfare support to U.S. Army I2WD (Military Embedded Systems) ARLINGTON, Va. U.S. Army Intelligence and Information Warfare Directorate (I2WD) will continue to receive hardware and software support from CACI in a multi-task order under the Rapid Response-Third Generation contract vehicle.

StanChart hires new cyber security chief from Symantec (Reuters) Standard Chartered has hired former Symantec Corp executive Cheri McGuire to be ...

Deep Run Security Services appoints new CTO (Washington Technology) Deep Run Security Services has appointed Scott Toth chief technology officer.

Former National Security Agency Deputy Director Chris Inglis Joins Board of Huntington Bancshares Incorporated (Marketwire) The Board of Huntington Bancshares Incorporated (NASDAQ: HBAN) ( has unanimously elected as a member retired National Security Agency Deputy Director Chris Inglis.A three-decade U.S. military cybersecurity professional, Inglis served in London as the U.S. government's senior liaison to NSA's British counterpart from...

PhishMe CEO Rohyt Belani Named EY Entrepreneur Of The Year(R) Mid-Atlantic 2016 Finalist (Marketwire) PhishMe® Inc., the leading provider of human phishing defense solutions, today announced CEO and co-founder Rohyt Belani has been recognized as an EY Entrepreneur Of The Year Mid-Atlantic finalist. The EY awards program, which is celebrating its 30th year, recognizes entrepreneurs who demonstrate...

Products, Services, and Solutions

Infosec freeloaders not welcome as malware silo VirusTotal gets tough (Register) 'Cause the takers gonna take, take, take

Webroot Secures IoT Gateways with Real-Time Collective Threat Intelligence (PRNewswire) Webroot Helps Developers of Critical Infrastructure Equipment Guard against Network and Internet Based Threats

Virtustream Joins AT&T NetBond® Ecosystem (PRNewswire) Ecosystem Grows to 15 Leading Cloud Providers

Belden Delivers Groundbreaking Cyber Security Solution for Energy Sector (BusinessWire) The new Tofino™ Xenon Industrial Security Appliance solution reduces the time and resources required to protect energy power generation and transmissi

PostFinance Fights Fraud and Security Threats with Splunk Enterprise (BusinessWire) Splunk Inc. (NASDAQ:SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced that PostFinance is using

NexDefense Enters Collaborative Agreement with General Dynamics Commer (PRWeb) NexDefense, the leading provider of cybersecurity for industrial control systems (ICS), today announced a new collaborative agreement with General Dynamics Commercial Cyber S

Docker Announces the General Availability of Security Scanning to Safeguard Container Content across the Software Supply Chain (BusinessWire) Docker today announced the general availability of Docker Security Scanning, an opt-in service for Docker Cloud private repo plans that provides a sec

WISeKey Reaches Agreement With CenturyLink on Cybersecurity Solutions (BusinessWire) Regulatory News: WISeKey International Holding Ltd (SIX: WIHN) (‘WISeKey’), a leading cybersecurity company, today announced a new agreement that enab

Technologies, Techniques, and Standards

Where to cut corners when the security budget gets tight (CSO Online) Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up the proverbial creek without a paddle but fear not as some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice.

What Makes Next-Gen Endpoint Protection Unique? (Dark Reading) Here are five critical factors you need to know about today's new breed of endpoint protection technology.

What's new with mobile application management software? (SearchMobileComputing) Learn how mobile application management software has evolved to give IT more control over apps at the device level.

Lessons from tax season: 4 tips for preventing cyberattacks on the workforce (GCN) Scams targeting employees during this recent tax season serve as a sobering reminder of the significant security risks workers unknowingly pose to their organizations.

Design and Innovation

IBM Watson Brings AI Wonders to Cybersecurity (Fortune) 8 universities will help teach the machine to stop hacks.

IBM Watson Is Now Gunning For Cybercriminals (Lifehacker Australia) IBM Watson is a cognitive computing platform that uses artificial intelligence to essentially "think" for itself. A new cloud-based version of the technology dubbed Watson for Cyber Security has just been announced -- and its coming after hackers....


UMBC partners with IBM Research for cybersecurity lab (Baltimore Business Journal) Two-hundred days: that’s how long it takes, on average, for a company to realize someone has hacked into its system and is slowly siphoning data

UNB chosen by IBM for Watson for Cyber Security project (Newsroom) UNB is one of only eight universities in North America chosen by IBM to help the global firm adapt its iconic Watson cognitive technology for use in the cybersecurity battle. “This is a tremendous opportunity for the University of New Brunswick that fits well with our proud and productive partnership with IBM,” says Eddy Campbell,… Read More »

Computer science teachers need cybersecurity education says CSTA industry group (TechRepublic) The Computer Science Teachers Association (CTSA) is working on a cybersecurity certification program for computer science educators, so they can better teach students about computer security.

Legislation, Policy, and Regulation

GDPR challenges all organizations to mask EU data by default (Help Net Security) Organizations need to re-architect operations and adopt a secure, data-first approach ahead of the introduction of the European GDPR.

U.S. officials in Belgium to promote intelligence-sharing (Military Times) A U.S. government delegation is in Belgium to promote greater intelligence-sharing by Belgian and European authorities in the wake of the March suicide bombings that killed 32 victims here, the group's members said Tuesday.

John Key's $22m cyber security announcement: Industry insider opinion (SecurityBrief) Unless you’ve been living under an incredibly large rock, there is no doubt that you’ve heard about the Panama Papers leak

WhatsApp’s Brazil blackout could be the start of an international encryption fight (MIT Technology Review) Facebook’s popular messaging app was shut down by a judge in Brazil after improved encryption irked investigators.

Why Encryption Bans Won't Work: Brazil Government's WhatsApp Block Just Sends Users To Other Encrypted Platforms (Techdirt.) The battle against encryption being fought valiantly stupidly by the FBI, a few law enforcement figureheads, and a handful of legislators is an unwinnable war. Just ask Brazil, where the government has blocked WhatsApp repeatedly in an effort to force...

Agreement on Cyberattacks Will Not Stop China's Economic Theft (Epoch Times) This news analysis was originally dispatched as part of Epoch Times China email newsletters. Subscribe to the newsletters by filling your email in the “China D-brief” box under this article. Chinese telecommunications company Huawei recently unveiled its new P9 smartphone, and as a recent Wired headline states, “Huawei just copied the iPhone—down to the last …

Privacy, security experts spar over emails, calls ‘incidentally’ caught by NSA surveillance (The Washington Times) Privacy and national security analysts sparred Tuesday over suggestions to further limit law enforcement access to Americans’ phone calls and emails that are swept up as part of the National Security Agency’s surveillance of foreigners’ communications.

Privacy advocates want protections for US residents in foreign surveillance law (CSO Online) The U.S. Congress should limit the ability of the FBI to search for information about the nation's residents in a database of foreign terrorism communications collected by the National Security Agency, some privacy advocates say.

Litigation, Investigation, and Law Enforcement

Alleged British hacker not forced to decrypt his data (CSO Online) The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for his data.

John Key thrown out of Parliament over Panama Papers row (Stuff) Parliament got rowdy - then John Key was given his marching orders.

Oracle vs Google restarts (Register) Oracle's and Google's armies of lawyerbots are about to boot up, suit up, line up, and restart the tech giants' Bleak House-like lawsuit about copyright over APIs

Clinton aide Cheryl Mills leaves FBI interview briefly after being asked about emails (Washington Post) Near the beginning of a recent interview, an FBI investigator broached a topic with longtime Hillary Clinton aide Cheryl Mills that her lawyer and the Justice Department had agreed would be off limits, according to several people familiar with the matter

Man Pleads Guilty To Hacking, Stealing Information From Celebrities (Dark Reading) Bahamian to be sentenced by US court for stealing and selling copyrighted information.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time...

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that...

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of, an in-depth...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.