Daily briefing.

Kryptowire has discovered a significant vulnerability that affects Android phones, especially prepaid or disposable phones. It is allegedly not a bug but a deliberately installed backdoor in software provided by Shanghai Adups Technology Company, which says its product is in some 700 million devices. Kryptowire says that Adups reports all texts to an address in China every seventy hours. Whether this is data mining for commercial marketing or state-directed espionage remains unclear.

State espionage services are reported by Motherboard to be making foreseeable use of various social media platforms for traditional ends of infiltration, compromise, and recruitment.

US Army Cyber Command reports that some of its personnel have been receiving phishing emails carrying Locky ransomware payloads.

Verint has seen a new variant of SpamTorte, an advanced, multilayered spambot, circulating in the wild.

ESET says the Retefe Trojan was involved in Tesco bank fraud. Retefe, usually spread via malicious email, configures a proxy server for man-in-the-middle access to traffic between customers and their online account. It also installs a bogus root certificate to fend off warnings of interaction with a spoofed site, and it has a mobile component that intercepts passcodes to subvert two-factor authentication. ESET believes other banks are being actively targeted with Retefe.

Security vendors have begun their holiday season warnings and advice for online shoppers.

In industry news, Nehemiah Software acquires Siege Technologies, specialists in forecasting attacker capabilities.

A UK court approves Lauri Love's extradition to the US.

If Ash Carter has his druthers, Ed Snowden gets no pardon.


Today's issue includes events affecting Argentina, Brazil, China, Germany, Iraq, Netherlands, Russia, Spain, Syria, Ukraine, United States.

A note to our readers: we've spent the morning at the Chesapeake Regional Tech Council's Commercial Cyber Forum on insider threats. We'll have a full report later this week.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Terbium Labs, as Emily Wilson discusses Terbium's recent report on the dark web. We'll also hear from Ping Identity's Pamela Dingle, who will describe the Digital Transformation Journey.

AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.

Cyber Attacks, Threats, and Vulnerabilities

Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say (New York Times) For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours

The election is over but spammers aren't conceding (Christian Science Monitor Passcode) During the presidential campaign, experts spotted an explosion in malicious email spam attempting to trick recipients into downloading harmful files or revealing personal data. And the spammers aren't going away

Trump Protesters Falsely Accused of Anti-Chinese Racism in Viral Weibo Story (Motherboard) The popular Chinese microblogging site Weibo sent a push notification to countless smartphones in China on Monday, advertising a post that claimed that anti-Trump demonstrators in the United States were responsible for a surge of hatred against Chinese-Americans

Spies Use Tinder, and It's as Creepy as You'd Think (Motherboard) On September 4, a group of young activists planned to attend a demonstration against Interim President Michel Temer in the city center of São Paulo. They never made it. Their group had been infiltrated by an Army Captain Willian Pina Botelho—via Tinder

Someone tried to infect Army Cyber Command with ransomware (CyberScoop) Phishing emails that were sent last week as part of an extensive ransomware campaign designed to target government employees and contractors were also found in the inboxes of Army Cyber Command employees, a spokesperson told CyberScoop

IoT devices in the enterprise (Zscaler Blogs) A look at the enterprise IoT device footprint and IoT traffic analysis

Medical devices pose weak link in preventing cyber attacks (Health Data Management) For many users of Johnson & Johnson’s OneTouch Ping insulin pump, the benefit of ease of use has been outweighed by the fear of hacking

The US grids have been cyber attacked – industry response and information sharing has failed (Control Global Unfettered Blog) According to “official” sources, the US electric grid has never been cyber attacked. However, that is not true. There have been several cases where nation-states and others (not identified) have cyber attacked the US electric grid

New versions of SpamTorte discovered (SC Magazine) Verint details discovery of SpamTorte 2.0, an Advanced multi-layered spambot campaign which they said is "back with a vengeance"

Experts question Microsoft's Windows zero-day response (TechTarget) A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability

Tesco Bank Attack Linked to Trojan Targeting Other UK Lenders (Infosecurity Magazine) Security experts have linked the recent attack which cost Tesco Bank £2.5 million to the Retefe trojan and warned that countless other banks are also at risk around the world

Tesco Bank cyber attack could have been avoided, say experts (Bob's Guide) Internet security experts are now claiming that Tesco Bank missed or ignored warning signs that cyber hackers were present in the software many months before cash was actually stolen, forcing the supermarket to pay back £2.5m ($3.1m) of losses to 9,000 customers

78,000 military email accounts found in adult website hack (Washington Examiner) Tens of thousands of government and military-issued email addresses were among those stolen from a conglomeration of adult hookup and pornography sites last month, according to an analysis of the breach issued Monday by

KnowBe4 Warns Employees Against “AdultFriendFinder” Scams (BusinessWire) Company warns of expected scams resulting from the 339 million adult accounts pilfered from sex community including fifteen million “deleted accounts”

Critical Linux bug opens systems to compromise (Help Net Security) Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on affected Linux systems

Spotify desktop app bug writes data in massive proportions on a daily basis (HackRead) Our desktop’s hard drive might be in danger of losing a few years of its lifespan if you are an avid user of Spotify’s desktop app for accessing tuneage or satisfying your music cravings

This malware attack starts with a fake customer-service call (Help Net Security) The hackers call hotels, then send email attachments that look like customer information

Wi-Fi shadows cast by your fingers could leak your password (Naked Security) Researchers in a team from Shanghai, Boston and Tampa recently published a temptingly titled paper about password stealing

FBI says FIFA Ultimate Team console game hackers stole millions in virtual currency (Hot for Security) Modern-day criminals don’t need to steal from your wallet or even your online bank account to make themselves millions of dollars. They can also target video games, an increasing number of which have their own virtual in-game currency that can be used to buy or sell items attractive to players

Microsoft investigating UPenn racist cyberbullying incident (CNBC) GroupMe, the Microsoft-owned messaging app that was used for a racist cyberbullying attack last week at the University of Pennsylvania, said it removed the messages instantly and is investigating the case

Security Patches, Mitigations, and Software Updates

CVE-2016-7461: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability (SANS Internet Storm Center) VMware published today advisory VMSA-2016-0019 affecting products VMware Workstation Pro / Player and VMware Fusion Pro / Fusion. The issue is located in the drag and drop feature, which is affected by an out-of-bounds memory access vulnerability

Patch Tuesday overhaul: Microsoft to replace security bulletin index with database-driven portal (ZDNet) Over the past year, IT admins and security professionals have had to deal with massive changes in the way Microsoft delivers updates. Beginning in 2017, they'll have to adjust to a new format for security bulletins as well

Despite privacy concerns, Microsoft calls Windows 10 'the most secure version of Windows' (Tech Republic) Microsoft recently penned a blog post explaining some of the security updates in the Windows 10 Anniversary Edition, especially dealing with protecting against ransomware

Twitter (finally) updates its abuse policy: easier troll reporting, more granular mutes (TechCrunch) In the wake of the U.S. Election, as Facebook and Google come under fire for the dissemination of fake “news” in their News Feed and search results, Twitter is tackling another area that’s been a flashpoint issue not only recently, but for years: the social media platform today is unveiling some major updates to its safety policy, aimed at helping users weed out abusive Twitter accounts and Tweets

Facebook, Google ban fake news sources from their ad networks (Help Net Security) Despite Mark Zuckerberg’s dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads

Cyber Trends

Preparing for the holiday shopping season? Cybercriminals are getting ready as well (Help Net Security) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday

The Black Friday Heist: Financial Phishing Increases During the Holiday Season (BusinessWire) The number of financial phishing attacks is expected to rise during the Holiday shopping season which starts unofficially on Black Friday

The key to combating cyber insecurity: changing behavior, training the workforce (Miami Herald) Cyber threats facing the United States and the world are growing at an alarming rate and are expected to continue to grow well into the 21st century


As Cybercrime Rises, So Does Spending On Cyber Security (Globe Newswire) The world is becoming increasingly connected through networks and data in an ecosystem governed by digital technologies which have created immense opportunities for individuals, businesses and organization

Nehemiah Security Announces Acquisition of Siege Technologies (Nehemiah Security) Expands portfolio with predictive performance solutions to model, map, quantify and forecast attacker capabilities

Why new-look McAfee is making security vendors nervous (ARN) Security vendor targets Symantec, IBM, Trend Micro, Carbon Black, Sophos, Cylance, Crowdstrike, SentinelOne and co

Things You Should Know Before You Buy Raytheon (Seeking Alpha) Investors might not necessarily buy Raytheon(Forcepoint) as a short-term value play. As against the recent SA article that explained the upsides for Forcepoint, critical points were left out of the argument while making the bullish case. What are the issues that need to be resolved before investors make the bet on RCP (Raytheon cyber products)?

FireEye: Dominating The Cloud Security Market (Seeking Alpha) FireEye is transitioning into a cloud-based business model. It is still underperforming in market share growth compared to competitors. Will the proliferation of IoT be sufficient to achieve and maintain profitability?

TalkTalk profits soar as telecoms giant continues cyber attack recovery (City A.M.) TalkTalk’s earnings soared in the six months to September, despite total revenue falling 1.1 per cent

WISeKey creates a Joint Venture company “WISeKey Argentina” for the development of cybersecurity in Latin America. (Yahoo!) WISeKey International Holding (WIHN, a company listed on the Swiss stock exchange) through WISeKey ELA (its Spanish company headquartered in Bilbao), AC Investment & Consultant S.A. and Trend Technologies S.A. reached an agreement to form a Joint Venture for the creation of a new company WISeKey Argentina, with the objective of extending WISeKey’s global presence in Argentina

RiskVision Announces Key Executive Appointments to Capture Global Surge in Risk Intelligence Market Growth (Marketwired) Appoints former Cisco and Symphony Teleca executives Leo Hecke and Keith Higgins to scale customer and partner ecosystem and accelerate demand for respected brand

PacketSled Response to Matt Harrigan Comments (PacketSled) PacketSled takes recent comments made by our CEO, seriously. Once we were made aware of these comments, we immediately reported this information to the secret service and will cooperate fully with any inquiries. These comments do not reflect the views or opinions of PacketSled, its employees, investors or partners. Our CEO has been placed on administrative leave

Products, Services, and Solutions

Secure your identity and your device in one app with expanded protection from Lookout Personal (Lookout Blog) Today, Lookout is adding two new tools to our Personal app for individuals who are concerned about the safety of their digital identity and financial data

Device Authority and InVMA develops secure IoT solution for GCE Group portable connected medical device (Device Authority) Device Authority, a global leader in policy and device-driven security for the Internet of Things (IoT) and Gartner Cool Vendor 2016, has today announced it is working alongside strategic partner and systems integrator InVMA to deliver an innovative connected health solution for GCE Group

Dashlane Debuts New Password Management Features For Businesses (PRNewswire) SAML support, exclusive Smart Space Management™ make Dashlane easiest enterprise solution to implement

Thomson Reuters, Pillsbury, FireEye Align For Cybersecurity Compliance Program (Dark Reading) Thomson Reuters, Pillsbury and FireEye have teamed up to help businesses meet new regulations and manage cybersecurity-related risk

WISeKey to keep smart public lighting secure (Smart Cities World) The partnership aims to provide IoT devices with a layer of security that will make them more robust and secure

Swan Island Networks Announces TX360 Platform Innovations for Enterprise Security, Intelligence, and Business Continuity (IT Business Net) Swan Island Networks, a leading provider of cloud-based situational intelligence software and services, today announced the availability of the newly upgraded TX360 platform

LookingGlass Cyber Solutions Honored with CRN® 2016 Tech Innovator Award (BusinessWire) ScoutPrime takes top honors in the 2016 Editor’s Choice Category

Akana Named a Leader in API Management Solutions Report by Independent Research Firm (Benzinga) Akana, a leading provider of API Management, API Security, API Analytics and Microservices solutions for Digital Businesses, announced today that it has been named a Leader by Forrester Research, Inc. in its new report, "The Forrester Wave™: API Management Solutions, Q4 2016"

Five9 and Verint Announce Global Partnership, Extending Availability of Cloud Workforce Optimization and Analytics Solutions (BusinessWire) Partnership further expands availability of award-winning contact center and WFO solutions to organizations of all sizes

Ant Financial contracts with V-Key to secure mobile payments (Finextra) V-Key, a global leader in digital security, and Ant Financial Services Group, the leading global tech company that provides online and mobile financial solutions, have entered into a collaboration

GlobalSign Integrates High-Assurance Digital Certificate Issuance Services with Microsoft Azure Key Vault (MarketWatch) Users are able to issue high volumes of SSL/TLS certificates directly through the Key Vault service

Spirent Responds to Carrier Demands for Actionable Intelligence (BusinessWire) Spirent VisionWorks, the first solution to provide the active visibility carriers need to detect, isolate and troubleshoot service issues across the network

In Logs We Trust™: Announcing the Launch of the Waterfall BlackBox™ (PRNewswire) Restoring trust in network information for cyber-attack response teams and forensics

Technologies, Techniques, and Standards

CrySis Ransomware Master Decryption Keys Released (CyberParse) The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public

Dear Mirai, how thou shall plan for thee (CSO) This is only the beginning for these larger attacks, so start preparing now

How Special Operators Trained for Information Warfare Before the Mosul Fight (Defense One) At a two-day exercise in April, U.S. troops practiced waging warfare on an invisible yet vital battlefield

What is a Security Operations Center (SOC)? (Digital Guardian) Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection

8 Ways Businesses Can Better Secure Their Remote Workers (Dark Reading) Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe

3 Effective Ways to Monitor and Reduce Click Fraud (Huffington Post) If you use pay-per-click ads to promote your website to be picked up on a search engine, there’s one major thing you need to know: protect yourself from click fraud

Network security in the new service provider reality (Security Asia) We are standing at the cusp of a new digital era

Weave a web of deception to secure data (Help Net Security) Today’s technically superior and incredibly well-funded (often state-funded, in fact) hackers are not impressed with breach prevention and traditional security solutions

How automated investigation can accelerate threat detection (CSO) Cyber security analysts are overwhelmed with the pressure of keeping their companies safe

Legislation, Policy, and Regulation

In The Lame Duck, How Congress Makes Cybersecurity A Non-Partisan Priority (Forbes) With a lame duck session of Congress looming, federal lawmakers are scrambling to push key legislative items through last-minute. One key area of concern is cybersecurity

Litigation, Investigation, and Law Enforcement

UK approves extradition of British hacker to the US (CSO) The US has accused Lauri Love of hacking government computers

Pentagon chief tells techies he does not condone Snowden's actions (The Hill) Defense Secretary Ash Carter told tech entrepreneurs on Monday that he does not condone the actions of ex-National Security Agency contractor Edward Snowden, showing little appetite for a pardon before President-elect Donald Trump takes office

Police Raid IS Suspects Across Germany (Radio Free Europe/Radio Liberty) German authorities have launched simultaneous raids on mosques, apartments, and offices in 10 states against suspected supporters of the Islamic State (IS) group

A US Judge May Sentence Wannabe Terrorists to ‘Deradicalization’ (Wired) Over three days starting Monday, Judge Michael J. Davis of the federal District of Minnesota will sentence nine men convicted of aiding the so-called Islamic State, better known in the West as ISIS

CIA, NSA ordered to reveal to judge whether they were involved in Occupy Philly surveillance (Philadelphia Inquirer) A federal judge has ordered the CIA and the National Security Agency to disclose to him whether they were involved in spying on Occupy Philadelphia protesters during their monthlong demonstration at what is now Dilworth Park five years ago

Navy denies it pirated 558K copies of software, says contractor consented (Ars Technica) Military admits widespread install, but says its 38 licenses were not "limited"

Florida man charged in JPMorgan hacking probe (Naked Security) A Florida man is the ninth person to face charges related to the hefty data breach that JPMorgan disclosed in 2014

Dutch hacker found guilty of 2013 cyber attack but won’t be jailed (Dutch News) The Dutchman accused of launching a massive cyber attack on a spam blacklist publisher in 2013 has been sentenced to 240 days in jail, 185 suspended, in absentia

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Versus16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Upcoming Events

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face...

Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, November 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions ...

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...

CyberCon 2016 (Washington, DC, USA, November 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the...

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, November 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
