
Daily briefing.

Operation Groundbait continues to chum for influential meat fishermen in eastern Ukraine. Don’t be too quick with attribution—hybrid war is rarely obvious—but the targets seem to be, generally speaking, pro-Russian. ESET is tracking the campaign.

One associates information operations in social media with ISIS. But don’t overlook the Chinese government. A study outlines the role played by the “50-centers” (so named for the rumored fifty cents a post they’re paid). Their piecework is estimated to churn out about 488 million posts annually. The content is propaganda; the audience is largely domestic.

Phineas Phisher remains on the hacktivist stage, now with an exposé of alleged brutality by Catalan police. He’s also said to have taken down a police union server.

Ransomware holds its place as businesses’ principal threat. But some good news arrives: ESET took a direct approach and asked TeslaCrypt’s proprietors for their key. They gave it up, said they were sorry, and told Bratislava they were closing up shop. One may doubt the remorse, but the key seems genuine.

Conficker, patched by Microsoft in 2008, is still around. Check Point says the worm was implicated in one in every six identifiable attacks last month. (It doesn’t have to be a zero-day to work.)

Investigation suggests a Bangladesh Bank official’s compromised computer was used in the SWIFT-related hack. The Bank of England tells UK financial institutions to buck up the security of their interactions with SWIFT.

The US House wants to make Cyber Command a Unified Combatant Command.


Today's issue includes events affecting Canada, France, China, Germany, India, Israel, Italy, Japan, Republic of Korea, Russia, Singapore, Spain, Ukraine, United Kingdom, United States.

Today we're in Laurel, Maryland, attending the Jailbreak Security Summit, the world's leading cyber security and craft beer event. This year's focus is Internet-of-things security. Watch for live Tweets today, and a report next week.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the week. Today's guests are our research partner, Accenture Labs' Malek Ben Salem, who discusses semantic technology for cyber defense. We'll also hear from historian and author Abby Smith Rumsey, who'll talk about her book, “When We are No More: How Digital Memory Will Shape Our Future.” (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Dateline DCOi 2016

DCOi 2016 (INSS) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration between the United-States and Israel in cybersecurity. The summit is supported by Israel state agencies alongside companies and corporations across the United-States and Israel and is free of charge for registrants. DCOI 2016 will present best technological and creative skills, industry leaders and some of the most innovative entrepreneurs in the world

US-Israel Cyber Cooperation: The US brings information; Israel brings agility of innovation. (The CyberWire) Organized by the Institute for National Security Studies (INSS, based at Tel Aviv University), DCOi featured high-level participation by both Israeli and US officials engaged in various aspects of cyber security. It also served as an opportunity for Israeli security companies to introduce themselves to the US market. Two overarching themes emerged: the centrality of rapid cyber intelligence development and sharing to security, and the importance of agility in developing and deploying security solutions

Cyber Attacks, Threats, and Vulnerabilities

New Cyber-Espionage Campaign Targets Pro-Russian Separatists in Ukraine (Softpedia) ESET claims the attackers are Ukrainian-based. A cyber-espionage campaign named Operation Groundbait has been targeting members of the Ukrainian government and the Russian-backed separatists with clever spear-phishing emails and a custom malware family

Meet the Chinese Trolls Pumping Out 488 Million Fake Social Media Posts (Foreign Policy) New research exposes a "massive secretive operation" to fill China’s internet with propaganda

Catalan Police Union Server Destroyed, Data Leaked Against Police Brutality (HackRead) A couple of hours ago HackRead reported on a robin hood hacker going with the handles “Phineas Phisher” “Hack Back!” and “@GammaGroupPR” stealing Bitcoins and donating them to Kurdish groups. Yes, the same hacker who previously hacked Hacking Team and the developers of FinFisher malware. Now, he’s back with another hack and this time the target is the official website of Sindicat De Mossos d’Esquadra (SME) or the Catalan Police Union

Phineas Fisher records, publishes latest attack (Help Net Security) Phineas Fisher, the hacker behind the Gamma International and Hacking Team breaches and data leaks, is at it again

TeslaCrypt ransomware gang shuts up shop, reveals master key (Naked Security) Articles about ransomware often don’t make terribly happy reading, especially if you’re looking at a “pay page”

Bangladesh Official’s Computer Hacked To Carry Out $81 Million Theft (Dark Reading) Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft

Android Qualcomm Vulnerability Impacts 60 Percent of Devices (Threatpost) A flaw in Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE)

An eight-year-old virus is still infecting thousands of PCs (ZDNet) The malware [Conficker] accounted for more than one-in-six recognized attacks in April

Android Pay may, er, pay... providing it gets over security hurdle (Register) Electro-wallet hit by malware worries

The gravest dangers for CMS-based websites (Help Net Security) Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento

A Quarter of All Hacked WordPress Sites Can Be Attributed to Three Plugins (Softpedia) WordPress was the most targeted CMS of Q1 2016. Security firm Sucuri says that, during the first three months of 2016, the company saw a large number of attacks targeting websites running on the WordPress CMS platform

Ubiquiti routers hit by backdoor-generating worm (Help Net Security) A worm targeting wireless network equipment developed by US-based Ubiquiti Networks has already managed to compromise thousands of routers across the world

SOURCE Boston: Medical devices still vulnerable, but things may be changing (CSO) Most connected medical devices contain multiple flaws that make them vulnerable to hacks

Noodles & Company Probes Breach Claims (KrebsOnSecurity) Noodles & Company [NASDAQ: NDLS], a fast-casual restaurant chain with more than 500 stores in 35 U.S. states, says it has hired outside investigators to probe reports of a credit card breach at some locations

Milwaukee Bucks victim of email spoofing attack (WISN ABC 12) Scammer posed as Bucks President Peter Feigin

Grindr Promises Privacy, But It Still Leaks Your Exact Location (Wired) A few days ago, I warned my wife that the experiment I was about to engage in was entirely non-sexual, lest she glance over my shoulder at my iPhone

Security Patches, Mitigations, and Software Updates

Bank of England orders UK banks to upgrade cyber security after second SWIFT attack (Computer Business Review) UK banks have been ordered to step up their security by the Bank of England (BoE), after the second attack on a major financial institution this year

Cisco patches high-severity flaws in its Web Security Appliance (Computerworld) The flaws can be exploited with specifically crafted HTTP requests to cause denial-of-service conditions

Cyber Trends

Microsoft: U.S., Italy and Canada Are Top Ransomware Targets (eWeek) The Microsoft Malware Protection Center tracks the spread of ransomware and offers tips on how to avoid it in observance of Ransomware Info Day

There Is No Peacetime in Security: Juniper's Paul (InfoRisk Today) Juniper's CTO on Asian security, virtualized security


Security Products Shield Cisco From Weak Networking Market (CFO) A 17% gain in revenue from the security business helped offset weak demand for Cisco's network and routing systems in the third quarter

These 4 Megatrends Should Benefit FireEye (Motley Fool) Increasingly prevalent cyber crime could lift demand for the cybersecurity company's services for many years

Activist Focus: Is It Time To Get Long Infoblox? (Seeking Alpha) Starboard Value filed a 13D on April 22, 2016, disclosing a 7.1% stake. The activist fund is nominating directors to the Infoblox board. A possible sale of the company will likely emerge in the coming months after the Thoma Bravo’s takeover offer

Hewlett Packard Enterprise Makes $100 Million Bet on Startups (Industry Week) Putting money into startups is a way for the company to contend with new technologies from rivals like Amazon and Google. It’s also an effort to end a checkered spending pattern on acquisitions in the past decade

INSIDE Secure to Sell Its Semiconductor Business to Swiss Cybersecurity Expert WISeKey (BusinessWire) Exit from semiconductor to complete repositioning of INSIDE Secure as a software security and technology licensing company for mobile and IoT applications

KEYW Agrees To Sell Last Of Commercial Cyber Security Product Business (Defense Daily) KEYW Corp. [KEYW] on Wednesday said it has agreed to sell the remaining product line of its commercial cyber security business, Hexis Cyber Solutions, to an undisclosed private equity firm. Terms of the deal were not disclosed. KEYW said its Hexis HawkEye G product

Juniper Networks CFO: The First 100 Days (Wall Street Journal) Ken Miller has more than a decade of experience at Juniper Networks Inc. Yet the first 100 days of his tenure as finance chief have been a lesson in strategic planning

Greg Kushto: Agencies could be facing a cyber brain drain (Federal News Radio) For a variety of reasons, a large number of people seem to be leaving government for the private sector. Greg Kushto, a former cyber official at the Department of Agriculture and now the director of the Security Practice at Force 3, tells Federal Drive with Tom Temin this could mean a brain drain in crucial cybersecurity skills

Closing the Gender Gap in Cybersecurity: 3 Critical Steps (Dark Reading) Women in security need to step up as industry role models and set the example for future generations. Here's how

CyberArk Named a 2016 Best Place to Work in Massachusetts (Yahoo! Finance) CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, has been named one of Boston Business Journal’s 2016 Best Places to Work

Products, Services, and Solutions

Easy Solutions Selected as UK Government G-Cloud Approved Supplier (BusinessWire) Easy Solutions, the Total Fraud Protection® company, today announced it has been registered as an approved supplier for the UK Government’s latest G-Cloud Digital Marketplace framework, G-Cloud 7

Hillstone Networks Partners With Mirantis to Deliver a Firewall as a Service Solution at Scale (BusinessWire) Joint security solution provides protection for OpenStack-based public and private clouds

Observable Networks Announces Integration with Amazon Inspector Service (Benzinga) Observable Networks Inc., an emerging leader of advanced threat detection services, is proud to announce the integration between its Dynamic Endpoint Modeling solution and Amazon Inspector, an automated security assessment service that helps improve the security and compliance of applications deployed on the Amazon Web Services (AWS) Cloud

Unisys (UIS) Launches USP: A Secure Digital Banking Platform (Zacks) Information technology firm, Unisys Corporation (UIS - Analyst Report), recently announced that it would be launching a new digital banking platform in collaboration with Sandstone Technology and Payment Card Technologies (PCT)

Rapid7 Earns CREST Certification for Penetration Testing Services (Globe Newswire) Rapid7, Inc. (NASDAQ:RPD), a leading provider of security data and analytics solutions, has been awarded CREST membership, which recognizes the consistently high standard of service provided by Rapid7

Deloitte Team Launches Custom Blockchain Solution Rubix Core (Bitcoin Magazine) Earlier this month, the Rubix by Deloitte team started rolling out their beta product, Rubix Core, with an early release to a group of selected clients in preparation for an upcoming broader release

Duo Security Brings Accessibility to User Authentication (PRNewswire) Duo Security, a cloud-based trusted access provider protecting the world's largest and fastest-growing companies, today announces accessibility enhancements for end-users with limited vision and motor skills.

Oddly Named App Makes Sharing Your Location Less Creepy (Wired) Parents see an obvious benefit to location-sharing mobile apps—keeping track of their kids. Almost everyone else considers broadcasting your location 24/7 a pointless threat to privacy that quickly drains your battery

Company Update (NASDAQ:FEYE): FireEye Inc Announces iSIGHT Partners Threat Intelligence Integration Into the FireEye Global Threat Management Platform (Smarter Analyst) FireEye Inc (NASDAQ:FEYE), the leader in stopping today’s advanced cyber attacks, today announced the integration of iSIGHT Partners threat intelligence into the FireEye® Global Threat Management Platform — enhancing customers’ abilities to proactively anticipate, detect, and respond to cyber threats

Tenable Network Security Delivers Actionable Security Intelligence Based on Verizon 2016 Data Breach Investigations Report (BusinessWire) Comprehensive dashboards and report cards help customers adopt DBIR recommendations and best practices for better protection against new and emerging cyber threats

Technologies, Techniques, and Standards

Singapore Issues Guidance for Cloud Outage Threats (InfoRisk Today) New guidelines meant to enhance business resiliency

Vendors must collaborate to solve Infosec insecurities (Gigaom) IT security has become one of the most complex elements of a modern IT environment, requiring layers of protection, along with advanced analytics to block attacks, halt intruders and secure data

Why Security Investigators Should Care About Forensic Research (Dark Reading) Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub

Experian offers 12 tips to safeguard security from the Internet of Things (PRNewswire) The benefits of Internet of Things are only as strong as the weakest connected point

The Tiny Town Where Air Force Cadets Learn to Drop ‘Cyber Bombs’ (Defense One) The future of cyber warfare training looks like a model railroad where network security majors take turns turning off the lights

Research and Development

Cybersecurity breakthrough: Computer scientists figure out how to produce truly random numbers (International Business Times) Computer scientists in the US have made a cybersecurity breakthrough by developing a new method for producing truly random numbers, which could be used to greatly improve data encryption and improve security for everything from consumer credit card transactions to electronic voting to military communications

New Surveillance System May Let Cops Use All of the Cameras (Wired) The 30 million or so surveillance cameras peering into nearly every corner of American life might freak you out a bit, but you could always tell yourself that no one can access them all. Until now


TCC named National Center of Academic Excellence in Cyber Defense (Inside Business) Gov. Terry McAuliffe announced Thursday that Tidewater Community College is the latest Virginia institution to be named a National Center of Academic Excellence in Cyber Defense by the United States National Security Agency and the Department of Homeland Security

SWAMP Partners With Bowie State To Tackle Cybersecurity Skills Gap (Homeland Security Today) The global shortage of cybersecurity professionals with the skills necessary to combat the ever-evolving threats facing the United States has left the nation increasingly vulnerable to attack

Raytheon partners with American University's Kogod Cybersecurity Governance Center (PRNewswire) Company joins in efforts to advance cybersecurity research and education

Legislation, Policy, and Regulation

G-7 Nations Race to Bolster Security Against Cyberattacks in Finance (Wall Street Journal) Group of Seven officials meeting in Japan discuss ways to coordinate efforts to fend off hackers

China Subjects Tech Imports to Heavy Security Scrutiny (eCommerce Times) China is investigating the encryption and data storage features of technology products sold there by large foreign companies such as Apple, The New York Times reported this week

U.S. Cyber Command elevated to unified command unit, White House objects (SC Magazine) A bill cleared the House on Wednesday that establishes U.S. Cyber Command as a standalone unit

Cyberspace's invisible armies (Ecns) Military strategists believe cyberspace is the "fifth combat space" after land, sea, air and outer space

REUTERS SUMMIT-U.S. futures regulator targets cyber security, automated trading (Reuters via the Daily Mail) The U.S. Commodity Futures Trading Commission plans to finalize rules on cyber security, automated trading and position limits this year, as it tidies up final requirements related to the Dodd-Frank financial reform law, its chairman said on Thursday

Survey: OPM breach did little to raise feds' cyber posture (Federal Times) A new survey of federal cybersecurity executives and contractors shows a split opinion on whether the massive breach of Office of Personnel Management networks and subsequent Cyber Sprint did anything to improve federal cybersecurity

Survey: Federal cyber execs underwhelmed by ‘cyber sprint’ (FedScoop) The sprint is "turning into a marathon for some agencies," said one former CISO in the report

Navy will ask its workforce for help to solve legacy IT, cyber challenges (Federal News Radio) With the notion that the best cybersecurity starts with the best people, the Department of the Navy is asking its own workforce for ideas

The Navy wants to hire chiefs and captains – off the street – to fill cyber roles (Navy Times) Now hiring: Navy captain, cyber warfare expert, no previous military experience necessary

Ransomware Threat Continues to Grow as Lawmakers Take Interest (eWeek) In a Senate hearing, the chief of technology of a school district that suffered a ransomware attack tells legislators that the incident was "one of the most disruptive events in our history"

Does India's New IPR Policy Go Far Enough? (InfoRisk Today) Experts say Intellectual Property Rights Policy lacks detail

Litigation, Investigation, and Law Enforcement

French security chief warns Islamic State plans wave of attacks in France (Reuters) Islamic State militants are gearing up for a campaign of bomb attacks on large crowds in France, host to next month's Euro 2016 soccer championships, its spy chief has said

US Widens Sanctions on Islamic State, Al-Qaida Branches (ABC News) The United States expanded sanctions Thursday against affiliates of al-Qaida and the Islamic State group operating across the Middle East and North Africa, reflecting the spreading threat of extremism far beyond the groups' traditional strongholds in Iraq, Syria and Afghanistan

US adds ISIS in Yemen, Libya, Saudi to terror list (CNN) The U.S. added ISIS affiliates from Libya, Saudi Arabia and Yemen to its list of designated terrorist organizations on Thursday

NYC Man Who Joined Then Escaped ISIS Speaks Out Against 'Evil' (NBC News) He left the United States to join ISIS and then fled the group after five months. Now a New York City man is revealing the disturbing details of his journey into the heartland of terror — and warning others not to follow in his footsteps

Firefox users left feeling vulnerable as judge keeps Tor hack under wraps (Naked Security) Millions of users of Mozilla’s Firefox web browser may be at risk, thanks to a ruling handed out by a federal judge on Monday

What are 150,000 stolen press releases worth? About 20 years in prison (Naked Security) Press releases. A dime a dozen, right? What could be more worthless? Unless you break into the systems where they’re being staged for release, steal them before they go public, and then help people trade on the secrets you’ve uncovered

Chelsea Manning’s Appeal Took Three Years to File. Here’s Why (Wired) Imprisoned Wikileaks whistleblower Chelsea Manning filed an appeal this week, three years after she was sentenced to 35 years in prison for what is still considered the largest leak of classified government documents in history

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of, an in-depth...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

SecureWorld Atlanta (Atlanta, Georgia, USA, June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...
