Daily briefing.

Amazon has identified the cause of the S3 server outage that rendered large swathes of the Internet unavailable Wednesday: a command entry error during debugging. The operator intended to temporarily remove some capacity (a routine practice); unfortunately, a typo caused the command to remove far too much capacity. Amazon is working on procedures to prevent a recurrence.

There's some welcome good news about vulnerabilities and risk mitigation today. First, Google has removed 132 Android apps from the Play Store. They contained hidden iFrames that linked to malicious domains. Those apps weren't in much position to do damage anyway: CERT-Polska had sinkholed the malicious domains back in 2013.

The Cloudbleed bullet also seems to have been dodged. Cloudflare says the vulnerability was triggered 1.2 million times, but that there was no evidence of malicious exploitation. The company has also engaged Veracode to conduct a third-party check of Cloudflare's software.

And Slack is getting good reviews for their swift patching of a vulnerability—a potentially serious one—that exposed user tokens to compromise. They responded to the bug disclosure in half an hour and had a fix out in five hours. A Detectify researcher reported the vulnerability under Slack's bug bounty program.

In industry news, Symantec has opened a venture arm. Yahoo!'s exit by sell-off to Verizon is concluding with whimpers as the Yahoo! board investigation of the company's breaches imposes costs on executives.

China warns of the dangers of cyber conflict.

The Wassenaar cyber arms control regime's future looks shaky (again).

Notes.

Today's issue includes events affecting Australia, Canada, China, Poland, Russia, Singapore, United Kingdom, United States.

In today's podcast, we hear from our partners at Terbium Labs, as Emily Wilson tells us what tax season looks like from the dark web. We also hear from Melanie Gluck of MasterCard about the behind-the-scenes security systems that protect our credit cards.

There's also a bit of video from RSA, done by Cylance in partnership with the CyberWire. It's short, so watch and enjoy the heebie-jeebies being shared on the floor. (The scariest malware story trophy is awarded at 2:20.)

And, of course, our special edition on artificial intelligence is up. Hear what we learned in conversations with experts in the field.

Jailbreak Security Summit - Insecurity Tools (Laurel, Maryland, USA, April 28, 2017) Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Cyber Attacks, Threats, and Vulnerabilities

AWS S3 outage blamed on employee's typo (Computing) Firm says it will make "several changes" to prevent recurrence

Forcepoint Researchers Work To Identify A New Piece Of Malware - The Miniature Monero Mining Botnet (Information Security Buzz) Throughout February, researchers at Forcepoint have been identifying a new and unusual piece of malware – the miniature Monero mining botnet. Just like the California Gold Rush attracted amateurs lured by the promise of easy money (the original ’49ers’), a low barrier-to-entry is tempting unskilled individuals to take up cryptocurrency mining. In January 2017 it was reported that the Sundown Exploit Kit was …

Chinese VoIP Kit Contains Backdoor, Warn Researchers (Infosecurity Magazine) DBL Technology patched but did not fix issue

132 compromised apps removed from Google Play (Help Net Security) Google has recently removed 132 Android apps from Google Play due to them containing hidden iFrames linking to malicious domains in their local HTML pages.

Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum (Threatpost) Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times.

Cloudflare Breach Had Potential To Be Much Worse (Dark Reading) An initial analysis shows no personal data was leaked and most customers not impacted, Cloudflare's CEO says.

Cloudflare chief pledges third-party review of code (Naked Security) ‘No evidence’ that attackers exploited the vulnerability, says Cloudflare CEO

Privacy Issue Discovered in Telegram Messaging App (Infosecurity Magazine) Researchers from Fidelis Cybersecurity have unearthed an “interesting security issue” involving the popular messaging app Telegram

Cisco Warns of High Severity Bug in NetFlow Appliance (Threatpost) Cisco is warning of a flaw that creates conditions susceptible to a DoS attack in its NetFlow Generation Appliance.

Why Internet of Things is the world's greatest cyber security threat (HackRead) The number of Internet-of-Things (IoT) devices will reach more than 15 billion units by 2021, according to research from Juniper. As businesses and consum

Common Types of Ransomware (eSecurity Planet) Ransomware is getting more sophisticated all the time, so prevention is key to avoid paying the ransom or losing data.

Ransomware spiked 752% in new families (Help Net Security) 2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and BEC scams gaining popularity among cybercriminals.

Poor robot security could lead to ‘Skynet’ nightmare, warn researchers (Naked Security) Generic robot tools mean robots pose some of the same risks as poorly secured IoT devices – but those fears could be overstated

Yahoo cookie-forging incident affected 32 million accounts (Help Net Security) We finally know how many user accounts were affected by last year's high profile Yahoo cookie-forging incident: 32 million.

Pence used private mail for state work as governor, account was hacked (CSO Online) U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report.

Security Patches, Mitigations, and Software Updates

Slack only took five hours to fix bug that could have allowed hackers to hijack your account (Graham Cluley) …on a Friday evening!

Hack Brief: A Slack Bug Could Have Been Everyone’s Worst Office Nightmare (WIRED) A vulnerability in Slack left every account potentially exposed. Thank goodness they caught it in time.

Slack bug paved the way for a hack that can steal user access (CSO Online) One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick its users into handing over access.

Chrome users on macOS to see more dangerous site warnings (Help Net Security) Google's Safe Browsing service will start flagging sites using ad injection and/or peddling potentially unwanted software for Chrome macOS users.

Twitter scrambles those anonymous account eggs (Naked Security) Twitter makes another attempt to reduce abuse by cracking down on eggs

Cyber Trends

Here's what 'the brave new world' of cyber security will look like (Business Insider Australia) Over recent years, cybersecurity and cybercrime have become areas of increasing concern for both the public and private sector. It is important to note that this is not merely a panic stirred by media and politicians, nor is it a signifier that technology is failing us.

Attackers thrive in a fluid market, while bureaucracy constrains defenders (Help Net Security) Cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace.

The agile IT stack grows and becomes more complex (Help Net Security) IT practitioners are relying on a growing number of tools to do their job, as the underlying systems they must support grow more agile and complex.

The evolution of cloud and mobile security (Help Net Security) Salim Hafid from Bitglass talks about how BYOD, cloud security, and mobile security are affecting businesses in a real and fundamental way.

Privacy issues in 2017 (CSO Online) Decades ago privacy really wasn’t that much of an ongoing issue. In the days of agrarian society everyone seemed to know about everyone else’s business and personal lives.

Australian security investments increasingly driven “from the top down”: Cisco GM (CSO Online) A growing governmental focus on cybersecurity issues has contributed to a marked upswing in cybersecurity investment that is now often being driven from the board level, according to the head of Cisco Systems’ local security business.

Marketplace

Are Investors Too Excited About Cisco Systems' Anemic Growth? (The Motley Fool) Should Cisco’s stock be hovering near a 16-year high?

America has a 'cybersecurity crisis': Symantec CEO (CNBC) Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec's CEO tells CNBC.

Symantec Launches Venture Capital Arm (Dark Reading) CEO Greg Clark says new Symantec Ventures could provide an 'onramp for M&A' opportunities for the security vendor.

Air Force makes cryptographic deal with 7 companies (C4ISRNET) The contract is scheduled for completion by December 2026.

Yahoo CEO Gives Annual Bonus to Employees After Company Confirms New Hacks (BleepingComputer) Yahoo CEO Marissa Mayer announced she'll forgo her annual bonus ($2 million) and equity grant ($14 million), which she'll be redistributing to Yahoo employees instead.

Yahoo withholds CEO Marissa Mayer's bonus as punishment for security breach response (Chicago Tribune) Yahoo is punishing CEO Marissa Mayer and parting ways with its top lawyer for the mishandling of two security breaches in 2014.

Products, Services, and Solutions

New infosec products of the week: March 3, 2017 (Help Net Security) Here's a collection of interesting new products from Avast, FourV Systems, Goodix, Nehemiah Security, Radisys, and Sophos.

HackerOne Offers Free Bug Bounty Programs for Open Source Projects (BleepingComputer) HackerOne, a platform that is offering hosting for bug bounty programs, announced today that open-source projects can now sign up for a free bug bounty program if they meet a few simple conditions.

ThreatConnect Adds Seven Key Partners to its more than 100 Current Integrations (IT Briefing) In an age when an organization may have up to 40 pieces of technology in their security operations, ThreatConnect, Inc.©, provider of the industry's only extensible, intelligence-driven security platform, demonstrates its commitment to uniting specialized, disparate solutions by announcing new integrations with Phantom Cyber, PhishMe, Dragos, Atlassian Jira Software, ServiceNow, and Recorded Future.

Enriching an Indicator with Operations (ThreatQuotient) ThreatQ Operations offers a tremendously powerful investigation and analysis capability to automate efforts across common workflows.

Exostar collaboration solution meets DFARS standards for cybersecurity (GSN) Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced it has augmented its enterprise collaboration solution to provide off-the-shelf compliance with the latest Government cybersecurity standards.

Axway API Management Enhances Security Credentials with Common Criteria Certification (BusinessWire) Axway (Paris:AXW) (Euronext: AXW.PA), a catalyst for transformation, today announced that it has received the access control and policy management

Dell Introduces New Industrial IoT Gateways for Rugged Environments (CIO Today) At Mobile World Congress in Barcelona this week, Dell launched new edge gateways specifically designed to support Internet of Things (IoT) deployments in harsh environments and confined spaces. Dubbed the Dell Edge Gateway 3000 Series, the new gateways target use cases and embedded solutions in the industrial automation, energy, transportation and digital signage markets, according to Dell. MWC 2017, which kicked off on Feb. 27, is running through March 2.

Capsule8: Container-aware real-time threat protection (Help Net Security) Dino Dai Zovi, CTO at Capsule8, illustrates how they're pioneering the industry’s first container-aware real-time threat protection platform.

Short on Security Resources? Try These Force Multipliers (Cisco Blogs) One in four organizations are exposed for six months or longer due to a lack of qualified security workers.

Hey, a Windows 10 Mobile newcomer! – Wandera to release data management app (On MSFT) Sometime later next week, Windows 10 Mobile will be getting a new app in the Windows Store, Wandera. Already available on Android and iOS, Wandera is a Mobile Security and Data Management app for enterprise customers. Based in the UK, US, Czech Republic, and Israel, Wandera offers enterprise customers a Mobile Security and Data Management solution, by providing a unique gateway architecture for secure corporate mobility.

Technologies, Techniques, and Standards

Free decryption tools now available for Dharma ransomware (CSO Online) Researchers have created decryption tools for the Dharma ransomware after someone recently leaked the encryption keys for it.

GDPR: Should you delete all emails after a certain period? (Computing) Robert Bond, partner at law firm Bristows LLP, explains how to deal with the tricky issue of having sensitive data mixed through your email databases

Adding threat intel to your security stack (SC Magazine US) This month we are addressing another of the new categories that we've added this year: threat intelligence.

How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure (Cyberscoop) Good news is rare in cybersecurity, but here's some: Coordinated, responsible disclosure of software security vulnerabilities is increasingly the norm.

How to respond to a cyber attack (CSO Online) Following a breach, organizations should focus on mitigating damage and data loss and providing information to law enforcement. Partner at Ballard Spahr, LLP and former Assistant U.S. Attorney Ed McAndrew and Guidance Software President and CEO Patrick Dennis have compiled best practices for preparing and responding to a cyber-attack and working with law enforcement.

4 Easy Ways to Protect Your Company From a Cyber Attack (Entrepreneur) As the frequency of cyber-attacks and data breaches grows, the failure to have a plan of counterattack for your company is no longer an option.

Economic Development: Be sure to protect your business from cyber attack (The Billings Gazette) Is Your Business at Risk for a Cyber Attack?

Design and Innovation

Why A Computer Beating Poker Pros Is Great News for Cybersecurity (Anomali) Use of Machine Learning (ML) is a hot topic in cybersecurity, one which will undoubtedly shape the industry for years to come. To see evidence of this we’d have to look no further than the booths at this most recent RSA Security Conference, where ML was promised as a solution for corporate cybersecurity problems. But why exactly will ML play such a prominent role, and how could it prove useful? Oddly enough the answer comes from the recent victory of ML in a game of poker. A competition

Academia

Virginia Cyber Range to grow under new agreement (Virginia Business) Virginia’s new cybersecurity training platform is set to grow statewide thanks to a partnership with Amazon Web Services (AWS).

Legislation, Policy, and Regulation

Trade secrets directive to add to GDPR, NIS directive and Privacy Shield (Computing) Organisations warned of even more EU directives targeted at IT security

Uncertain future for Wassenaar 'cyberweapons' agreement under Trump (The Parallax) Revision proposals for the international Wassenaar agreement to control weapons exports aim to address language that could impede security researchers.

China warns against cyberspace becoming a battlefield amid rising international tensions (International Business Times UK) China also called for 'international peace and security' to prevent an 'arms race' in cyberspace.

Parliament: Mindef sets up new cyber command to beef up defence against cyber attacks (The Straits Times) SINGAPORE - The Defence Ministry (Mindef) will set up a cyber command to beef up its defence against cyber attacks, and rope in National Servicemen (NSmen) to play a bigger role in safeguarding the nation's military networks.

Pentagon Advisers Want Cyber ‘Tiger Teams,’ More Authorities for Cyber Command (Defense One) Pentagon advisers: We need more infrastructure cybersecurity. Congress: We want more election-hacking security.

McCain continues push for cyber policy (FCW) Arizona senator says the U.S. still lacks a clear policy for deterring and defending against cyberattacks and vows to pressure the Trump administration to develop a comprehensive cyber strategy.

Infosec mourns over Howard Schmidt, who helped make the country a safer place (CSO Online) Howard Schmidt advised both President Barack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity. But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator.

Litigation, Investigation, and Law Enforcement

The FBI Allegedly Asked SoundCloud to Delete a Phone Call Recording (Motherboard) Maybe SoundCloud should start a transparency report.

Here Are Some Papers Written By An Arrested Russian Cyber Security Researcher (BuzzFeed) Ruslan Stoyanov was an influential investigator of Russia cybercrime before his December arrest by the Russian government on charges of treason.

Canada accidentally releases classified documents on counterterrorism plans (Defense News) One of the security measures outlined in the document permits fighter jets to shoot down a hijacked commercial airliner in order to protect the CN Tower in Toronto.

Navy's mishandling of classified documents spawns series of investigations (CBC News) The Canadian military conducted almost a dozen formal internal investigations into the "loss or compromise" of classified information during a six year period, and over half of them involved the navy, internal defence department data shows.

California Supreme Court: No, you can’t hide public records on a private account (Ars Technica) "Open access to government records is essential."

The Strange Story of an Alleged Hacker Killed by Police (Motherboard) The first episode of Motherboard’s new pluspluspodcast takes you deep into a twisted tale.

Software engineer detained at JFK airport; forced to prove he is really an engineer (HackRead) Visitors to the US are currently going through a lot of trouble due to the temporary immigration ban imposed by Trump administration and the increased secu

Ex-White House Secret Service officer guilty of “at work” teen sexting charges (Ars Technica) Many of his online chat sessions with an officer posing as a minor happened on the job.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government...

Upcoming Events

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies among Army,...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, England, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, UK, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...
