skip navigation

More signal. Less noise.

Daily briefing.

Malwarebytes researchers warn that a fresh, more dangerous version of DMA Locker ransomware will soon appear in the wild. DMA Locker was famous for its easily cracked encryption, but in version 4.0 the criminal developers seem to have done better. (Right for them, wrong for the rest of us.)

Turla espionage malware has hit Swiss defense firm RUAG. Switzerland’s CERT describes the attack as as careful, closely targeted, and patient. It seems to have begun at least as early as 2014.

ESET last week received the keys to TeslaCrypt, along with something like an apology from the ransomware’s criminal controllers. But there’s less remorse here than meets the eye: Bleeping Computer says TeslaCrypt’s impresarios have shifted to CryptXXX.

The recently patched Flash zero-day has been integrated into at least three exploit kits: Magnitude, Angler, and Neutrino.

In industry news, the SWIFT funds transfer system plans to release a plan for upgrading security sometime today. The organization intends to improve information sharing, “harden” security requirements for its member institutions, and offer help detecting fraud through some form of pattern recognition.

IBM is preparing for layoffs, but it’s still hiring in the areas into which it intends to expand, notably security.

Panama Papers post mortems proceed, reaching some consensus among observers that Mossac Fonseca was the victim of an SQL injection attack.

The US House and Senate have published versions of the Defense Authorization Act; both have significant implications for cyber policy.

Phineas Phisher seems to be starting a hack-back political movement.


Today's issue includes events affecting China, Israel, Kenya, Romania, Russia, Slovenia, South Africa, Switzerland, Turkey, United Kingdom, United States.

Tomorrow and Thursday the CyberWire will be covering Georgetown University's Cyber Law Institute. Watch for a full account in upcoming issues, and follow us as we live Tweet from this always interesting conference.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our research partners at Quintessence Labs are up, as their John Leiseboer explains some security aspects of cloud data storage. We also have Robert Lord from Protenus as our guest: he'll talk about protecting the privacy of medical records. (If you feel so inclined, please give us an iTunes review.)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

Swiss Attack Conducted by Patient and Sophisticated Hackers (Infosecurity Magazine) A cyber-attack targeted at the Swiss defense contractor RUAG used malware from the Turla family, which had no rootkit functionality, but relied on obfuscation to stay undetected

Unraveling Turla APT Attack Against Swiss Defense Firm (Threatpost) Ever since hackers targeted Swiss defense contractor RUAG, government officials have been tight lipped about the breach. But on Monday Switzerland’s CERT (Computer Emergency Readiness Team) spilled the beans on the attack against the firm and the how perpetrators pulled it off

Cyber Lessons From The Panama Papers Hack (SIGNAL) April marked one of the largest data breaches in history, with 11.5 million confidential documents leaked online. How did it happen—and what can we learn from it?

SQL injection: The oldest hack in the book (IT Pro Portal) The latest reports suggest the highly publicised ‘Panama Papers’ data leak was the result of a hacking technique known as SQL injection. With 11.5 million files being leaked, the Mossack Fonseca breach exceeds even the 1.7 million files leaked by the infamous Edward Snowden

Expert Comments on Anonymous Hacker Targets Turkish Patients (Information Security Buzz) Following the news of an Anonymous hacker gaining access to Turksih citizens’ hospital information, David Emm, Principal Security Researcher at Kaspersky Lab commented on this news below

LinkedIn's poor handling of 2012 data breach comes back to haunt it (Graham Clulely) How to handle a data breach incident four years too late

DMA Locker ransomware ready for mass distribution (Help Net Security) According to Malwarebytes’ researcher Hasherezade, we’re in for a lot of pain once the new and improved DMA Locker ransomware starts doing the rounds

Ransomware Shuts Down, Issues Key (Industrial Safety and Security Source) A ransomware operation shut down and is now offering a free decryption key to unlock files

Three Exploit Kits Spreading Attacks for Recent Flash Player Zero Day (Threatpost) Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Angler, Neutrino and Magnitude exploit kits, and are leading compromised computers to different ransomware strains, banking malware, and a credential-stealing Trojan

Jaku: Analysis of a botnet (Help Net Security) In May 2016, the Special Investigations team at Forcepoint revealed the existence of a botnet campaign that is unique in targeting a very small number of individuals while in tandem, herding thousands of victims into general groups

How To Tell The Good Bots Vs. The Bad Ones (PYMNTS) Though botnets may make life more convenient, a security firm says that roughly 40 percent of them are actually malicious, VentureBeat reported late last week

Exposed: Scam company impersonates cybersecurity brands, tricks hundreds out of money (Information Age) A sham online tech support firm has been found extorting innocent people out of hundreds of dollars to do absolutely nothing, then 'revenge breaking' their computers, all while riding on the coat tails of legitimate security firms

The Scunthorpe Problem returns as PayPal blocks Isis Close residents (Inquirer) Crisis for PayPal users until company reaches anagnorisis

Hackers Destroy Fur Affinity Art Gallery Website (Hack Read) A well-known and widely followed online hub of furries community called Fur Affinity disappeared from the web

A Notorious Hacker Is Trying to Start a ‘Hack Back’ Political Movement (Motherboard) In August of 2014, a hacker shook the cybersecurity world by exposing the secrets of the infamous government surveillance vendor Gamma Group, the makers of the spyware FinFisher

Face recognition app taking Russia by storm may bring end to public anonymity (Guardian) FindFace compares photos to profile pictures on social network Vkontakte and works out identities with 70% reliability

Security Patches, Mitigations, and Software Updates

Swift outlines fightback against cyber theft (FInancial Times) The head of Swift will on Tuesday present a plan to fight back against a wave of recent cyber thefts at members of the global bank payment messaging network

Why Microsoft's New Office 2016 Macro Control Feature Matters (Dark Reading) Resurgence in macro attacks result in Microsoft adding new protections from macro abuse

Hit by an unexpected Windows 10 upgrade? Here's how to recover (InfoWorld) If you know somebody who woke up to find Windows 10 on their computer, perhaps this advice will console them

Kaspersky says it will never support Windows 10 Insider builds (Windows Report) Windows 10 builds are rough versions of the OS rolled out for testing purposes only, meaning you should never expect a build to run smoothly or that security issues won’t ever arise

GCHQ infosec group disclosed kernel privilege exploit to Apple (SC Magazine) Communications and Electronics Security Group (CESG), the information security arm of GCHQ, was credited with the discovery of two vulnerabilities that were patched by Apple last week

Cyber Trends

What are hackers up to these days? (CIO) The short answer: They’re targeting sites in North America, where they’re planting malware in ad networks and launching dating site spam

Organizations unprepared for employee-caused security incidents (Help Net Security) While employee-related security risks are the number-one concern for security professionals, organizations are not taking adequate steps to prevent negligent employee behavior, according to a new Ponemon Institute study


Industry's cyber-security "market failure" must be addressed (SC Magazine) Valuing cyber-risk key to addressing "market failure" around cyber-security, said a deputy director at the Cabinet Office in a speech to the Westminster eForum

CIOs are hindered by massive tech skills shortage (Help Net Security) More CIOs report directly to the CEO (34 percent) than at any time in the past decade, rising 10 percent over last year, according to the 2016 Harvey Nash/KPMG CIO Survey. CIOs with a direct report to the CEO are also the happiest (87 percent report job fulfillment)

Execs: Even as IBM 'aggressively' transforms, it hires (Triangle Business Journal) Even as IBM shrinks in its legacy businesses, it’s actively seeking out tech resumes, a top exec said Monday during an analyst conference in Boston

vArmour Raises $41 Million to Expand Data Center and Cloud Security Leadership Globally Through Strategic Distribution Partners (Marketwired) Funding to accelerate the distribution of vArmour's simple, scalable and economical data center and cloud security solution

A10 Networks (ATEN): Strong Industry, Solid Earnings Estimate Revisions (Zacks) One stock that might be an intriguing choice for investors right now is A10 Networks, Inc. (ATEN - Snapshot Report). This is because this security in the Communication Network Software space is seeing solid earnings estimate revision activity, and is in great company from a Zacks Industry Rank perspective

CYBERCOM awards spots on new $460M cyber operations contract (Federal Times) The General Services Administration and Cyber Command — the lead command for military cyber operations — announced the winners of a multi-award contract to provide “a broad scope of services needed to support the U.S. Cyber Command mission,” according to the award announcement

KEYW Awarded Prime Position on $460 Million Multiple Award Contract with the U.S. Cyber Command (Globe Newswire) The KEYW Holding Corporation (NASDAQ:KEYW) announced today that is has been awarded a prime position on a five-year multiple-award, indefinite delivery/indefinite quantity contract with a $460 million ceiling value to provide a broad scope of services needed to support the U.S. Cyber Command mission including project management, cyberspace operations, planning, training, and exercises and other mission support disciplines

Israel’s cyber security frontier (ComputerWeekly) The Israeli city of Beer Sheva is quickly becoming a global centre of cyber security technology

KEYW Holding (KEYW) Announces CFO Transition (Street Insider) The KEYW Holding Corporation (Nasdaq: KEYW) announced the departure of the company’s Chief Financial Officer and Executive Vice President Philip L. Calamia. Mr. Calamia is departing KEYW to pursue other opportunities

illusive networks' Tracy Pallas Recognized as One of CRN's 2016 Women of the Channel (PRNewswire) illusive networks, the leader in Deceptions Everywhere® cybersecurity, announced today that CRN®, a brand of The Channel Company, has named Tracy Pallas, Vice President of Channel Sales and Strategy to its prestigious 2016 Women of the Channel list

Products, Services, and Solutions

AKUA and Beit Al-Etisalat form Partnership to pursue Opportunities in Saudi Arabia and Oman (PRNewswire) Delivering IoT solutions to Middle Eastern markets

PivotPoint Risk Analytics and (ISC)2 Announce Business Partnership to Raise Awareness of Need for Cyber Risk Analytics (BusinessWire) Global cybersecurity certification and education membership body aims to help advance the automation of cyber insurance decisions through new partnership

Review: Signal for iOS (Help Net Security) Open Whisper Systems’ Signal is an encrypted voice and text communication application available for Android and iOS. The technology is built upon the organization’s open source Signal Protocol, which has recently been implemented by messaging heavy-hitters such as WhatsApp and Google Allo

Tempered Networks Debuts Identity-Defined Network Fabric (eWeek) Tempered Networks advances its Host Intrusion Protocol-based technology with new services and components, including an improved dashboard and a new API

Trustlook Addresses Qualcomm Vulnerability That Affects Millions of Android Users (MarketWired) Leading mobile security company launches new app and functionality in response to widespread Android security threat

LightCyber Launches Technology Alliance Program, Stresses Revenue Upside (Channel Partners) Customers know – or should be convinced – that we can’t build walls high or deep enough to stop all attacks

Dimension Data eyes Kenya cyber security contracts (Telecompaper) South Africa IT infrastructure firm Dimension Data is offering remote security services to Kenyan companies such as banks and others that handle high-risk data

Technologies, Techniques, and Standards

OWASP set to address API security risks (Help Net Security) OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security

CESG drops penetration testing certification (UK Authority) Cites low demand from people with skills in the cyber defence role

Beware of Coverage Gaps for Phishing Losses (Risk Management Monitor) Social engineering, also known as phishing, is the latest cyberrisk giving companies fits and large financial losses

Each Cyber Attack Has Its Own Cure (Design News) Cyber attacks continue to get more plentiful and more dangerous. And Verizon, in response, has released its 2016 Data Breach Investigations Report, which reveals the dark side of cybersecurity

Training to protect our Infrastructure (DVIDS) Imagine somebody has hacked into your water utility and made your water undrinkable…or worse. Critical Infrastructure Exercise 16.2, also known as Crit-Ex, is helping utility companies learn where those cyber weaknesses might be

Research and Development

Helping Johnny to Analyze Malware (2016 IEEE Symposium on Security and Privacy) A usability-optimized fecompiler and malware analysis user study


UK Certifies 6 New Cybersecurity Masters' Degrees (Infosecurity Magazine) The workforce skills gap continues to widen as businesses desperately search for qualified security personnel amidst a snowballing threat landscape. To help remedy the situation, GCHQ, as the UK’s national technical authority for information assurance, has certified six more masters' degrees in cybersecurity

IBM Launches Coginitive Cybersecurity Lab in Baltimore (CivSource) IBM is partnering with the University of Maryland, Baltimore County (UMBC) to create the Accelerated Cognitive Cybersecurity Laboratory (ACCL), which will be housed within the College of Engineering and Information Technology at UMBC. The Lab will use Watson technology to improve cybersecurity

Legislation, Policy, and Regulation

G7 Global Finance Leaders Push Cybersecurity Framework (Dark Reading) At G7 meeting, US Treasury official says cybercrime issues 'not going away'

The Cyber Threat: Obama’s Diplomacy-Dominated Policy Ignores Growing Russian Danger (Washington Free Beacon) Russia a top cyber adversary, but gets little attention

H. R. 4909 [Report No. 114–537] ( To authorize appropriations for fiscal year 2017 for military activities of the Department of Defense and for military construction, to prescribe military personnel strengths for such fiscal year, and for other purposes

National Defense Authorization Act for Fiscal Year 2017 (Senate Armed Services Committee) For 54 consecutive years, the Senate Armed Services Committee has fulfilled its duty of producing the National Defense Authorization Act (NDAA). This vital piece of legislation authorizes the necessary funding and provides authorities for our military to defend the nation. And it is a reflection of its critical importance to our national security that the NDAA is one of few bills in Congress that continues to enjoy bipartisan support year after year

When Is NSA Hacking OK? (US News and World Report) A top agency official explains the balancing act the government attempts when it comes to quietly using security flaws or exposing them

Here’s What the NSA Does for the Department of Agriculture and the Fed (Observer) At the end of the 1992 Robert Redford movie Sneakers, a National Security Agency [NSA] official offers a team of hackers whatever they want in exchange for a piece of omnipotent code-breaking technology disguised as an answering machine. In this writer’s opinion, the film is the best movie to put the NSA at the center of its plot. A lot of flicks depict the agency as the CIA with a different name, but Sneakers focuses on the crux of the NSA’s work: capturing information in transmission, also known as signals intelligence. NSA spies don’t sneak bugs into diplomat’s offices. They use satellites

Senators Want More Detail on IT Plans Behind New Background Check Agency (Nextgov) Two top Democrats on a Senate panel with oversight of government management want the Office of Personnel Management to hand over “detailed” planning documents related to the standing up of a new agency responsible for conducting federal background investigations

NAFCU: Data breaches have reached tipping point (CU Insight) Joins six other trades to advance data security legislation

Congress is so bad at cybersecurity, two lawmakers sent advice to colleagues (ZDNet) The bipartisan duo said the advice comes after recent cyberattacks against Congress and a high-profile vulnerability in phone networks

Hackers are targeting more small businesses in NJ ( Not too long ago cyber hackers would focus exclusively on large corporations, but that’s not the case any longer

Litigation, Investigation, and Law Enforcement

Clinton hacker ‘Guccifer’ expected to plead guilty (The Hill) A Romanian hacker who claimed to have broken into former Secretary of State Hillary Clinton’s personal email server is expected to plead guilty to U.S. criminal charges in a federal court this week

Clinton email probe in late stage, FBI may question her (AP) FBI agents probing whether Hillary Clinton's use of a private email server imperiled government secrets appear close to completing their work, a process experts say will probably culminate in a sit-down with the former secretary of state

A New Front In Obama’s War on Whistleblowers (Defense One) Fired Pentagon assistant inspector general John Crane is going public with allegations senior officials retaliated against whistleblowers, destroyed permanent records and altered audits under political pressure

Future of national security whistleblowing at stake in US inquiry (Guardian) As a former Pentagon official condemns whistleblowing system, experts hope justice department effort does more than ‘rearrange deck chairs on the Titanic’

Finjan Agrees to Settle Patent Dispute with California-Based Proofpoint; Stock Rallies 20% (NASDAQ:FNJN) (Sonoran Weekly) Finjan Holdings (NASDAQ:FNJN), a cybersecurity patent company, said Monday it has reached a settlement agreement with Sunnyvale, California-based Proofpoint, Inc. (PFPT) for a pending patent litigation

‘That is not the son I raised’: How a British citizen became one of the most notorious members of ISIS (Washington Post) The last member of the group of British jailers who supervised the torture and killing of Western hostages held by the Islamic State has been identified as a 27-year-old Londoner who traveled to Syria in 2012

Hacker Sentenced for Reporting Flaws in Police Communications System (Hack Read) Is it possible that somebody could be sent to jail for identifying security flaws in a protocol that is being used by the local Police department? This particular news report strengthens the notion that it certainly can happen

Teenager charged over Mumsnet hack and DDoS attack (We Live Security) An 18-year-old man has been charged by British police in connection with an internet attack that saw Mumsnet hacked, users’ accounts breached, passwords stolen, and the site blasted offline

Developer of anonymous Tor software dodges FBI, leaves US (CNN Money) In its mission to hunt criminals, the FBI has been keen to hack Tor, the Internet browser that hides your true location

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of, an in-depth...

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.