Daily briefing.

Authorities in Taiwan are investigating extortion threats made against five brokerages. The extortionists, who claim to represent the "Armada Collective," a group that's been active elsewhere, say they'll subject the brokerages to distributed denial-of-service attacks if they're not paid some $9700. The brokerages haven't paid.

Several Polish banks suffered a malicious JavaScript infestation after employees innocently visited the Financial Supervisory Authority. The infection could lead to installation of a remote access Trojan. Polish media are generally attributing the incident to a foreign intelligence service (read, "Russia") but many observers think it could have been the work of a criminal gang instead. Sometimes it's difficult to make the distinction.

The use of JavaScript in the Polish attacks is becoming something of an outlier. It's not that JavaScript has become notably more secure, but rather that criminals are turning to file types less likely to arouse suspicion. Researchers at Microsoft and Intel Security find attacks increasingly based on LNK and SVG attachments.

Cyber vigilantes have been at work, hacking printers "to teach people about their vulnerabilities," and, in a separate incident, taking down some unusually nasty dark web sites.

As fears of election hacking and influence operations rise in Europe, the United States moves to share intelligence developed during the last election cycle with officials in France, Germany, the Netherlands, and Norway. 

Hal Martin, the former NSA contractor arrested when investigators allegedly found very large troves of highly classified material at his Glen Burnie, Maryland, home, will probably be charged with espionage.


Today's issue includes events affecting France, Germany, Netherlands, New Zealand, Norway, Poland, Russia, Taiwan, United Kingdom, United States.

In today's podcast we hear from our partners at Level 3: Dale Drew talks us through the current uptick in ransomware. We also have a guest, Rami Essaid from Distil Networks, who discusses bot mitigation techniques.

We also have a special edition of the podcast out. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Dateline RSA

RSAC Innovation Sandbox winners: One year later (Network World) With the annual RSA security conference just around the corner, we decided to touch base with the 10 companies selected as finalists in last year’s Innovation Sandbox competition and see how they’re making out.

RSA Conference 2017: expect to hear a lot about IoT threats, ransomware (Naked Security) Heading to San Francisco for RSA next week? Here’s our pick of talks and themes to look out for when you’re there

DHS scientists to show AI-backed cybersecurity at RSA conference - CyberScoop (Cyberscoop) At RSA, thinking software is the new cyber frontier. One-in-four of the new technologies DHS is showcasing uses artificial intelligence or machine learning.

Tour the RSA Conference SOC (Cisco Blogs) Next week, some 30,000 security professionals will descend upon the Moscone Center in San Francisco for the 2017 RSA Conference. Cisco’s AMP Threat Grid, the first unified Malware Analysis and Threat Intelligence solution, partnered with RSA to create the RSA Conference Security Operations Center (SOC), where engineers will monitor all traffic on the Moscone Center’s wireless network. Threat Grid is the integrated Dynamic Analysis technology partner for Netwitness Packets (formerly Security Analytics).

Ixia to Showcase Solutions that Help Deliver Total Visibility at RSA 2017 (BusinessWire) Ixia, a leading provider of network testing, visibility, and security solutions, will be exhibiting (Booth # 3401 North Hall) at the RSA Conference 2017, February 13th through February 17th, at the Moscone Center in San Francisco.

Skycure Experts to Present Vulnerabilities in Mobile Containers at RSA 2017 (Marketwired) Mobile threat defense leader will demonstrate security issues in the work features in Android

Spirent Highlights Expanded Security Focus at RSA 2017 (Yahoo! Finance) Spirent Communications plc  – will demonstrate its expanded focus on security at the upcoming RSA Conference 2017 with a preview version of its Cyberflood performance and security validation software at the Moscone Center in San Francisco February 13–17.

Zentera Systems Introduces Industry's First Infrastructure Security Solution for the Multicloud (PRNewswire) Zentera Systems, Inc., the leader in multicloud security and...

SAFECode Raises the Bar with Latest Guidance in Threat Modeling and Managing Third Party Components (BusinessWire) SAFECode members collaborate cross industry to address the latest security threats and vulnerabilities

Cyber Attacks, Threats, and Vulnerabilities

Five Taiwan brokerages report cyber attack threats, regulator says (Reuters) Taiwan is investigating an unprecedented case of threats made to five brokerages by an alleged cyber-group seeking payment to avert an attack that could crash their websites, an investigator and the securities regulator said on Monday.

Polish Banks Infected with Malware Hosted on Their Own Government's Site (BleepingComputer) Several Polish banks said they suffered malware infections after their employees visited the site of the Polish Financial Supervision Authority (KNF), which had been previously infected to host a malicious JavaScript file.

Phishing scammers target PayPal in very well crafted attack, Proofpoint finds (Security Brief) Scammers are finding increasingly cunning ways to capitalise on the reach and popularity of the world’s global brands. This time PayPal is the target.

Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support (BleepingComputer) The Spora ransomware is slowly making a name for itself as one of the most well-run ransomware operations on the market, with a very well-designed ransom payment portal, some solid customer support, and also efforts to improve the ransomware's reputation among victims.

Locky and Sage Ransomware Use the Same Distribution Infrastructure (Virus Guides) PhishMe security researchers warn that the Locky ransomware is relying on the same delivery infrastructure which was previously used for the Sage ransomwar

Criminals release fewer new types of malware last year, double down on ransomware (CSO Online) Cybercriminals have been producing fewer new kinds of malware last year -- but that's because they're so busy raking in the money from their ransomware attacks. The number of unique malware samples discovered last year was 60 million, down 6.25 percent from last year's 64 million. The total number of malware attack attempts also fell, from 8.2 billion to 7.9 billion. This was also the first year that the company has seen attack attempts fall.

Malware distributors are switching to less suspicious file types (CSO Online) After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users.

76 Famous iOS Apps Vulnerable to Silent Data Interception (HackRead) The IT security researchers at, a service responsible for scanning the binary coding of iOS apps to identify any prevailing security flaws, 76 po

Dozens of iOS apps fail to secure users' data, researcher says (CSO Online) Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher.

How app makers increasingly track your every move (The Christian Science Monitor Passcode) Privacy advocates say tech companies are becoming more brazen about collecting users' location data and personal information.

The Promise & Peril Of The App Era (Dark Reading) Sure, apps are convenient. But when not properly assessed, they can cause security holes.

Your web browsing history can be linked to your social media accounts (Help Net Security) Your web browsing history contains enough information for third parties to be able to tie it to your social media profile (Twitter, Facebook, Reddit).

ICS, SCADA Security Woes Linger On (Threatpost) A recent batch of vulnerabilities in Honeywell building automation system software epitomize the lingering security issues around SCADA and industrial control systems.

Cyber criminals tricking consumers into downloading fake apps: Kaspersky report (BGR) According to the report, cyber criminals are adding fake apps on app stores that could further put users' privacy at risk.

Hacker takes out dark web hosting service using well-known exploit (CSO Online) A major hosting service for sites on the dark web has apparently been hacked, resulting in scores of hidden sites, including those offering child pornography, going offline.

Hacker hijacks thousands of publicly exposed printers to warn owners (CSO Online) A hacker forced thousands of publicly exposed printers to spew out rogue messages in order to warn their owners about the risks of printer hacking.

Anti-piracy tech firm Denuvo inadvertently leaks sensitive info (Help Net Security) Anti-piracy technology firm Denuvo Software Solutions has suffered an embarrassing and potentially damaging information leak.

InterContinental Confirms Breach at 12 Hotels (KrebsOnSecurity) InterContinental Hotels Group (IHG), the parent company for thousands of hotels worldwide including Holiday Inn, acknowledged Friday that a credit card breach impacted at least a dozen properties. News of the breach was first reported by KrebsOnSecurity more than a month ago.

8,000 Manatee Co. school employees victimized in email scam (WFLA) The Manatee County School District is the victim of a large cyber attack. Financial information from more than seven thousand employees was stolen through a highly organized phishing scam.

County cyber attack makes Newark, LACA more vigilant (The Newark Advocate) Newark and LACA are reminding employees to be careful on work computers after Licking County cyber attack.

Security Patches, Mitigations, and Software Updates

Microsoft Not in a Hurry to Fix Zero-Day Windows Security Flaw (Softpedia) A fix will most likely be shipped on Patch Tuesday

Cyber Trends

Javelin, Visa offer different takes on whether card fraud is moving online (CSO Online) According to a report released last week by Javelin, card-not-present fraud went up 40 percent this year, but according to a new report from Visa, there has been no increase in online fraud. The increase in card-not-present fraud was part of a general increase in fraud, reported Javelin.

Cybercrime Report (Threatmetrix) We started the year focusing on the digital transformation strategies that organizations needed to prioritize in order to keep pace with the fast-evolving digital world. As 2016 draws to a close, digital users are hardly even aware of the lengths that some businesses have gone to to safeguard streamlined online access to goods and services.


Global biometrics market revenue to reach $15.1 billion by 2025 (Help Net Security) Annual biometrics hardware and software revenue will grow from $2.4 billion in 2016 to $15.1 billion worldwide by 2025, representing a CAGR of 22.9%.

UKFast acquires Secure Information Assurance (Telecompaper) UKFast has acquired Secure Information Assurance (S-IA), a security services specialist for the public sector, reports The takeover gives UKFast access to IL3 and IL4/Official-Sensitive accreditations as well as a List-X accreditation allowing it to hold confidential government information.

Cyber Security leader Utimaco closes investment round led by EQT Mid Market - Utimaco HSM (Utimaco HSM) Successfully satisfied all regulatory requirements to close transaction EQT Mid Market Investment Strategy (“EQT Mid Market”) takes majority stake in Utimaco from PINOVA Capital, BIP Investment Partners and Management (“Sellers”) All Sellers re-investing significant parts and remain minority investors AACHEN, Germany – January 30, 2017 –  Utimaco, a global leader in high-end cyber security solutions, …

Fortinet Finds Its Footing With New Firewalls (Seeking Alpha) Fortinet is set for a great year after beating on key growth metrics. Management has continued in its innovative fashion with two new best-of-breed firewalls.

RedSeal to monitor networks for DISA (C4ISRNET) DISA will provide RedSeal modeling for all U.S. Army networks, U.S. Air Force boundary networks and several Combatant Command networks.

Sources: Forcepoint Sees Layoffs, Departure Of Head Of Sales As It Repositions Around High-Growth Security Technologies (CRN) Forcepoint has seen a significant reorganization, which sources say include layoffs, as the security vendor looks to reposition its sales force and portfolio around high-growth technology areas.

Wandera powering into 2017 with exponential company growth (Yahoo! Finance) Wandera, the leader in Enterprise Mobile Security and Data Management, has today announced that the company continues to experience rapid growth across its key business segments.

Intel Security Hires Former FireEye Exec Michael Berry As Its New CFO (CRN) As Intel Security readies to become a standalone security vendor, it has named former FireEye CFO Michael Berry as its new chief financial officer, the company announced Monday.

RiskRecon Continues To Build Advisory Team (PRNewswire) RiskRecon, a rapidly growing third party risk management company,...

Products, Services, and Solutions

RedLegg Launches Managed Security Offerings for Channel Partner Resell (Digital Journal) Cybercrime, increasing complex attack vectors, growing hordes of threat actors, shortage of security professionals and 24x7 readiness are many of the reasons organizations are moving towards managed security providers.

Securing IoT devices from within -- GCN (GCN) To ensure mutual authentication, a new solution uses a small chip that is preloaded with unique cryptographic codes to allow data to be transmitted more securely from an IoT device to the cloud.

Carbon Black’s Breakthrough ‘Streaming Prevention’ Leapfrogs Cylance, McAfee and Symantec by Stopping Both Malware and Non-Malware Attacks (BusinessWire) Cb Defense 'Streaming Prevention’ stops more attacks than traditional and machine-learning antivirus (AV), which only stop commodity malware

AlienVault Takes Proven Unified Security Management Platform to the Cloud (Marketwired) USM Anywhere empowers organizations of all sizes with effective threat detection, incident response and compliance management across cloud, hybrid cloud, and on-premises environments

Technologies, Techniques, and Standards

'If you can't talk, you can't fight': Compass Call planes confuse ISIS (Air Force Times) The Vietnam War-era airplane sitting on the flightline at the 386th Air Expeditionary Wing’s home base here may not look like much, but it is packed to the gills with electronics dedicated to sowing chaos in the ranks of the Islamic State terror group.

Cyber’s role in Air Force’s premier training exercise: Red Flag (C4ISRNET) Cyber teams have become an integral part of the annual Red Flag exercises, especially as the military readies for multi-domain conflict.

Wargame of cyber proportions unfolds in Colorado Springs symposium (Colorado Springs Gazette) The way to hack an oil refinery seemed rather basic, or

Interview: Has Gemalto found a flaw in your data encryption strategy? (Security Brief) Gemalto is on the front line when it comes to security encryption. Unfortunately security managers in IT are falling behind in the backblocks.

It's time to rethink using remote access VPNs for third-party access (Help Net Security) The decades-old connectivity practices of remote access VPNs have too many security weaknesses for today's heightened cyber threat environment.

4 elements for Financial Services to consider when selecting a cloud security provider (IT Pro Portal) Financial services organisations are utilising the cloud to stay ahead of the curve.

Why Cyber Security Matters To Your Business (CDF Distributors) Having better software programs to use will help to protect your system from potential hackers. Planning ahead will save money, energy and stress. Once the company network has been infected, attackers will stay dormant for an average of 200 days before detection, found Microsoft’s “Advanced Threat” analytics team. If the databases are successfully stolen, each …

Three simple ways to secure your company (Infosecurity Magazine) Three simple ways to improve your company's cybersecurity

Design and Innovation

Medical device 'birth certificates' could solve healthcare security woes (ZDNet) Can "digital birth certificates" defend medical devices against cyberattacks?

Neural face recognition network tuned with 650,000 pornstar images (Naked Security) But did anyone ask the actors – all women – for consent to use their images?

Ron Deibert’s Lab Is the 'Robin Hood' of Cyber Security - Motherboard (Motherboard) How one man built a unique lab whose mission is to document how the free internet is slipping into surveillance and censorship.

Research and Development

Quantum computing might not be as secure as first thought, claim physicists (Computing) University of Ottawa team build quantum cloning machine capable of hacking quantum messages

Legislation, Policy, and Regulation

Chinese regulators plan to vet all new internet services and hardware (Computing) China's government plans more internet and technology controls

U.S. shares election-hacking intel with Europe (POLITICO) The aid comes as upcoming elections in Germany, France, Norway and the Netherlands inspire fears of Russian meddling.

U.S. Preps for Infowar on Russia (The Daily Beast) While Trump is still defending Putin in public, American lawmakers are quietly pumping tens of millions of dollars into a counter-propaganda initiative.

US House approves new privacy protections for email and the cloud (CSO Online) The U.S. House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months.

Passing the Email Privacy Act Has Never Been More Urgent (WIRED) With surveillance hawk Jeff Sessions about to head up Trump's DOJ, privacy advocates push for a long-overdue bill to lock in digital privacy protections.

Want to Keep Hackers Out of Gadgets? Try International Law (WIRED) Opinion: A Yale cyberlaw expert explains how international law could make it harder for hackers to hamper IoT devices.

GAO raises alarm over key cyber office (TheHill) A new government report has found numerous problems with a critical Department of Homeland Security office charged with tracking and identifying cyber attacks on government systems and critical infrastructure.

Secure software is of 'strategic importance' to the Army (C4ISRNET) The Army is currently grappling with challenges in software sustainment and development.

Litigation, Investigation, and Law Enforcement

Former NSA contractor may have stolen 75% of TAO’s elite hacking tools (Ars Technica) Prosecutors reportedly plan to charge Harold T. Martin with espionage.

Turkey detains nearly 750 ISIS suspects in nationwide raids (Fox News) Turkey has now detained nearly 750 suspects in a police operation against the Islamic State group, authorities said Monday.

Brooklyn Man Pleads Guilty In Banking Scam Involving Money Mules (Dark Reading) Investigation unearths alleged scheme spread over several countries costing victims more than $1 million in losses.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Protect Conference (Nottingham, England, UK, February 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's...

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively ...

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace...

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid...

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training...

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24,...

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can...

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/technology/products developers, Automotive electronics companies, IT companies, Mobile data suppliers,...

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, England, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...
