skip navigation

More signal. Less noise.

Daily briefing.

Post mortems on the Bangladesh Bank cyber theft excite concerns over the integrity of SWIFT transaction records. Although SWIFT wasn’t directly compromised, some banks’ interactions with the system apparently were.

The attempt against Vietnam’s Tien Phong Bank—said to have been blocked—had a different destination for funds transfers than did the Bangladesh Bank caper. In the Vietnamese case, the funds would have been sent to an account in Slovenia.

Symantec has published findings on a major cyber espionage campaign targeting Indian government and financial sector enterprises. No attribution is offered.

Another malicious app has found its way into the Google Play Store. This one, “Black Jack Fee,” serves up, according to Lookout researchers, a variant of the Acecard banking Trojan.

Symantec continues to deal with a cross-platform vulnerability discovered in its anti-virus products.

One approach to cyber vigilantism has grown familiar over recent weeks: substation of a “public service announcement” for a Locky ransomware payload. F-Secure looks at this grey hat move.

Criminal marketplaces have evolved, of course, into simulacra of legitimate markets. Their enterprises now have, an HPE report says, help desks, HR departments, and so on. They also have their own exposure to other criminals: the hacker forum Nulled.IO, a popular souk for stolen data, has itself been robbed of its data.

In a developing story, there’s some evident LinkedIn credentials have been compromised. The nature and severity of the incident are presently unclear.

Chinese authorities quietly interrogate US companies about security, interviewing Apple, Cisco, and Microsoft.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. (If you feel so inclined, please give us an iTunes review.) Today we'll hear from the University of Maryland's Jonathan Katz on breaking ransomware encryption. We'll also talk with our guest, John Michelsen of Zimperium, on how mobile devices might be defended from the inside.

A note to our readers: today and tomorrow we're in Washington, DC, covering DCOI 2016, the second annual US-Israeli cyber security summit. We're live-Tweeting the proceedings, and we'll have extensive reports in tomorrow's and Friday's issues.


Today's issue includes events affecting Bangladesh, China, France, India, Iraq, Israel, Philippines, Slovenia, Syria, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Tien Phong Bank of Vietnam foils cyber attack attempt (Australian Business Reivew) Vietnam’s Tien Phong Bank has suffered a cyber attack involving an attempt to steal funds using the SWIFT global interbank messaging service, according to a senior official at the country’s central bank

That Insane, $81M Bangladesh Bank Heist? Here’s What We Know (Wired) When reports surfaced in February of a spectacular bank hack that sucked $81 million from accounts at Bangladesh Bank in just hours, news headlines snickered over a typo that prevented the hackers from stealing the full $1 billion they were after

Government units, top IT firm among cyber-espionage targets:Symantec (Economic Times) Two government organisations, one of the largest financial institutions and a top IT firm have been among the targets of an advanced cyber espionage group conducting long-term espionage campaigns against high-profile targets in India, as per cyber-security firm Symantec

Black Jack Free app carries deadly banking Trojan (Help Net Security) Despite Google’s best efforts, malware peddlers occasionally manage to get their malicious wares on Google Play. The latest example of this unfortunate reality is an app called Black Jack Free (

Flashlight App Spews Malicious Ads (TrendLabs Security Intelligence Blog) Not all Android phones come with a built-in flashlight feature in its operating system. Users would have to download flashlight apps to have this utility on their phone

Updated banking malware turns entire ATM into a skimmer (SC Magazine) Kaspersky Lab researchers discovered a new and improved version of the ATM malware dubbed “Skimmer” which targets banks and turns entire ATM machines into payment card skimmers

Gaping security hole found in Norton antivirus engine (TechRadar) Affects Symantec security products across the board

Symantec antivirus security flaw exposes Linux, Mac and Windows (Engadget) A victim doesn't even need to open the email for this exploit to work

Database mix-up let some smart doorbell users see video from others' homes (Graham Cluley) I can see your front porch from here!

Sexting Forum, UltraVNC and 17 Others Targeted By Angler Drive-Bys (Infosecurity Magazine) A fresh Angler exploit kit campaign is targeting Sexting Forum and 18 other sites

Pornhub says hacker’s claim of taking control of web server is a hoax (Naked Security) Less than a week after announcing a new bug bounty program, the adult website Pornhub is refuting claims that its web server was compromised by a hacker

Tech support scammers start locking Windows computers (Help Net Security) Tech support scammers have come up with a new way to trick users into sharing their payment card information: screen lockers showing fake Windows alerts telling users that their Windows copy has expired or has been corrupted

Locky Ransomware Distribution Network Hacked to Show Warning Message Instead (Softpedia) Hacking malware botnets is becoming a common occurence

PSA Payload Via Hacked Locky Host (F-Secure: News from THE LAB) Earlier this month, researchers at Avira discovered a Locky crypto-ransomware distribution network that had been hacked by a grey hat. In an apparent effort to disrupt Locky, the hacker replaced the payload with a 12 byte text file – which contained the message “Stupid Locky”

GhostShell Leaks Data From 32 Sites In ‘Light Hacktivism’ Campaign (Dark Reading) After a few months of silence, the Romanian hacktivist is back to expose the dangers of leaving FTP ports unprotected

Basic Phishing scam successfully targets PR agency, reporters (CSO) The scam is simple, but effective, victimizing both journalists and PR professionals

OpAfrica: Anonymous Deface South African University, Huge Data Leaked (HackRead) New World Hackers (NWH), a group of hackers linked with the online hacktivist Anonymous defaced the official website of Limpopo university in South Africa – The hacktivists also leaked a trove of data stolen from the university’s server

Anonymous Target North Carolina Government Sites Against anti-LGBT Law (HackRead) Anonymous, the world’s most active group of hacktivists, has taken down a number of government websites in North Carolina over the last few days. The reason behind attacking the websites is the Bathroom Law

Phishing attack compromises City College of San Francisco student data (SC Magazine) The City College of San Francisco (CCSF) reported that student information of about 7,500 students was compromised when an employee responded to a phishing email, college spokesperson Jeff Hamilton told via emailed comments

In One Year, Videology and White Ops Blocked More Than 28 Billion Bot Requests On Video Advertising Campaigns; Equivalent of $553 Million in Wasted Ad Spend (PRNewswire) Videology, a leading software provider for converged TV and video advertising, today announced the company has blocked more than 28 billion fraudulent bot requests through its advertising platform since integrating with White Ops, a pioneer in sophisticated invalid traffic detection and prevention, in May of 2015

Nulled.IO Hacking Forum Hacked, Trove of Data Stolen (HackRead) The year 2016 has been hard on internet users and websites alike since more than 1,076 data breaches have occurred. The latest on this front is that the well-known Nulled.IO, a popular forum for hackers which has been hacked and its data leaked

A hacker is selling 167 million LinkedIn user records (Computerworld) The data includes hashed passwords for 117 million accounts and likely dates back to 2012

Hewlett Packard Enterprise Uncovers Inner Workings of the Cybercriminal Economy (Marketwired) Hewlett Packard Enterprise (NYSE: HPE) today published "The Business of Hacking," an extensive report assessing the underlying economy driving cybercrime

The Business of Hacking (HPE) HPE’s Business of Hacking Report is a SWOT analysis of hacking that uncovers strengths and weaknesses you can attack & exploit to disrupt hackers and their business

Cybercriminals are increasingly embracing a sophisticated business-model approach (CSO) Criminal hacking groups can employ HR specialists, marketers, and training gurus, HPE says

Cybercriminal business model vulnerable to intervention (CSO) Cybercrime may be booming but its business model is vulnerable on many fronts, according to a new report

Cybercrooks Think More Like CEOs And Consultants Than You Think (Dark Reading) Speaking the language of the board room, and understanding things like value chain and SWOT analysis, might help you speak the language of the adversary

The 3 biggest cybersecurity risks posed in the 2016 presidential election (Help Net Security) Here’s a question for you: What do the four recent cyber attacks from the hacker group Anonymous have in common?

Security Patches, Mitigations, and Software Updates

Apple Makes Security Improvements to iOS and OS X (eWeek) iOS alone is being patched for 39 vulnerabilities, but it's not just about fixing existing flaws; the update is also providing new features to harden security

Apple’s big security update – but some iPad Pro users say they’ve been “bricked” (Naked Security) Apple’s latest tranche of security updates is out. The complete list is covered by six Apple Security Advisories

Cyber Trends

Only two percent of IT experts consider third-party secure access a top priority (Help Net Security) Soha Systems released a report based on a survey conducted by the newly formed Soha Third-Party Advisory Group, which consists of security and IT experts from Aberdeen Group, Akamai, Assurant, BrightPoint Security, CKure Consulting, Hunt Business Intelligence, PwC, and Symantec

Former NSA Deputy Director Shares Strategies for Cybersecurity Challenges (O'Dwyer's) One of the biggest threats facing a company’s reputation today is the possibility of being hacked. Unfortunately, there’s only so much a company can do to prevent this kind of crisis. As some experts have said, there are two kinds of companies: those that have been hacked and those that have been hacked but don’t know it yet


Hacking Palo Alto Networks' Growth (Seeking Alpha) Good product differentiation, modest international exposure, great revenue composition, and a potentially good entry point set Palo Alto apart from its cybersecurity peers. Palo Alto is essentially a growth play: can the growth it has experienced continue? What does investing in PANW boil down to? And what should we expect in the upcoming earnings release?

Finjan (FJNJ) Soaring on Possible Licensing and Enforcement News (Equities) Finjan Holdings, Inc. (FNJN), the company that holds many of the patents on common cyber security protections systems, has been steadily rising. Over a period last week, shares rose 22%. They recently announced a $10.2 million Series A Prefered Stock offering

JPMorgan Starts Secureworks At Overweight, $18 Target (Benzinga) With the development of the Counter Threat Platform [CTP], Secureworks Corp SCWX has built “the right amount of technology” to drive a scalable and eventually profitable Managed Security Service [MSS] business for Enterprise customers, JPMorgan’s Sterling Auty said in a report

Hewlett Packard Enterprise Co Launches an Internet of Things Platform (Motley Fool) Is HPE likely to succeed jumping onto the crowded IoT bandwagon?

Ripjar - the UK data intelligence startup that wants to beat Palantir and IBM (TechWorld) Reputation management, customer intelligence, cybersecurity - the data knows it all

AKUA Selects Baltimore-based Practical Technologies Inc. (PTI) as its Trusted Contract Manufacturer (PRNewswire) AKUA LLC and Practical Technologies Inc. (PTI) jointly announced today that they have entered into a contract manufacturing agreement to manufacture electronic conveyance devices and sensors at PTI's Baltimore facilities

Area 1 Security Named a Cool Vendor in Security Threat Intelligence by Gartner (PRNewsire) Innovative cybersecurity company provides a dynamic and predictive approach to stopping phishing and targeted attacks

Thales strengthens commitment to Middle East cybersecurity market (Zawya) New executive appointments as Thales focusses on strengthening its information security presence Middle East

PhishLabs Adds Former SecureWorks COO to its Board of Directors (PRWeb) Steven Drew brings high-growth operational experience to PhishLabs in strategic advisory role

Products, Services, and Solutions

Guy Carpenter partners Symantec for cyber model (Insurance Insider) Reinsurance broker Guy Carpenter has announced a strategic alliance with technology firm Symantec Corporation to develop a cyber aggregation model

Webroot Introduces IoT Gateway Protection with Real-Time Threat Intelligence after Receiving Top Cybersecurity Honors from Frost & Sullivan (PRNewswire) Latest innovation demonstrates Webroot's strategic product development to protect critical, cloud-connected infrastructure

Porter Novelli And AIM Sports Reputation Management Launch Cybersecurity Offering For Collegiate And Professional Sports (PRNewswire) PNProtect from Porter Novelli and Rook Security will help teams prevent and mitigate cybersecurity risks

New Imperva Camouflage Data Masking Reduces Risk of Sensitive Data Theft and Non-Compliance for Global Enterprises (Marinelog) Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today unveiled Imperva Camouflage Data Masking, a new offering that enables enterprises to replace sensitive data, such as personally identifiable information, embedded in business processes with realistic fictional data

Check Point Expands Its Industry-Leading SandBlast™ Zero-Day Protection to Cloud-Based Email (CSO) As enterprises undergo a rapid migration towards the use of cloud infrastructure for email, Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced SandBlast Cloud to protect organisations from the ongoing trend of cyber criminals using email as a primary entry point for attacks

Technologies, Techniques, and Standards

Manufacturing and Cyber Security: A 5 Step Process to Create Internal and Customers’ Peace of Mind (Cerasis) Cyber security is rapidly becoming a dominant concern for manufacturers and consumers

When it comes to wireless networks, security can't be an afterthought (Security Brief) TAGS Cybersecurity, Wavelink, Wireless, Network Secuirty The Internet of Things, bring-your-own-device (BYOD) office environments, and cloud-based applications are contributing to rapid changes in how organisations deploy and use wireless networks. With these changes come new security challenges for wireless networks and different approaches to deal with them, according to Ilan Rubin, managing director of Wavelink

10 conseils pour lutter contre les ransomware dans l'entreprise (avant d'être attaqué) (ZDNet) Sécurité : Un ransomware? C'est un logiciel malveillant qui infecte le système d'information, et le bloque. Une rançon doit ensuite être payée par l'entreprise pour retrouver données et usage des applications. Quelques conseils pour éviter cette péripétie qui peut-être fort couteuse

Design and Innovation

Here's Why Blockchains Will Change the World (Fortune) The Bitcoin technology creates the World Wide Ledger of value

Soon We Won’t Program Computers. We’ll Train Them Like Dogs (Wired) Before the invention of the computer, most experimental psychologists thought the brain was an unknowable black box. You could analyze a subject’s behavior—ring bell, dog salivates—but thoughts, memories, emotions? That stuff was obscure and inscrutable, beyond the reach of science

Research and Development

Academics Make Theoretical Breakthrough in Random Number Generation (Threatpost) Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security

Aspen Institute Launches Intense Investigations Into Emerging Threats To The Financial Security Of American Families (PRNewswire) First "EPIC" Team targets growing income volatility that devastates family budgets


Partnership prepares undergraduates to tackle cybersecurity (Globe Newswire) In a time when million-dollar security breaches of major corporations regularly make headlines and complicate lives, computer science undergraduates at America's universities remain surprisingly underexposed to basic cybersecurity tactics

Legislation, Policy, and Regulation

China Discreetly Interrogates Apple, Cisco, and Microsoft About Security (Fortune) Little is known about the in-person interrogations. Chinese officials are subjecting United States technology companies to so-called security reviews

Inside the government's secret NSA program to target terrorists (Fox News) Relentless attacks on American military personnel at the height of the Iraq war made the U.S. intelligence community confront a dire problem: They needed real-time intelligence to take Al Qaeda off the battlefield and dismantle its bomb-making factories

DOD Must Rapidly Adapt to IoT Because Enemies Already Have (SIGNAL) The U.S. military must be able to rapidly leverage both technologies and new policies surrounding the Internet of Things—not to keep pace with industry, one official said, but because U.S. adversaries already have figured out how to adapt and capitalize on what’s available

Litigation, Investigation, and Law Enforcement

Facebook, YouTube and Twitter face legal action over hate speech (Naked Security) Three French anti-racism groups on Sunday declared that they’ll be filing legal complaints against Facebook, Twitter and YouTube for failing to remove “hateful” posts aimed at the black, Jewish and homosexual communities

Man accused of cyber attack on police forces appears in court (Shields Gazette) An alleged internet hacker accused of launching cyber attacks on a pair of police forces and an airline giant has appeared in court

Hacker cost British Airways £100,000 in cyber attack, court told (Mirror) Paul Dixon, 23, is also accused of disabling websites of Durham Police, Police Scotland and video game retailer CeX

Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading (Dark Reading) In largest known cyber securities fraud to date, hackers and traders made $30 million from unreleased press releases

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration...

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of, an in-depth...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first...

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.