Daily briefing.

Palo Alto researchers have discerned how Shamoon spreads its destructive payload: its operators use a mix of "legitimate tools and batch scripts" to download it to hostnames the attackers know exist on the target network.

FireEye offers some insight into how APT29 (a.k.a. Cozy Bear, that is, by general consensus, Russia's FSB) evades detection—the threat actor uses domain fronting to disguise traffic with the appearance of its being directed to a host allowed by network censors. (Domain fronting has also been used by less sinister organizations to bypass government censorship. The technique is ambivalent.)

Two warnings are out to the healthcare sector. First, the US FBI has warned that "malicious actors" are attacking File Transfer Protocol (FTP) servers to establish access to protected health information belonging to medical and dental patients. The motive is apparently a mix of extortion, harassment, and potential identity theft. Second, researchers at Schneider & Wulf have found the embedded webserver in the Miele Professional PG 8528 (an Internet-connected washer-disinfector used to sterilize biomedical instruments) vulnerable to a directory traversal attack. There's no patch, yet.

iOS users visiting adult sites are being hit by scareware. The consensus among experts concerning both ransomware and scareware remains that victims should not pay.  

British Home Secretary Amber Rudd joins US FBI Director Comey among the anti-encryption dead-enders. The Westminster attacks have prompted her to call for restrictions on encrypted communications.

A US prosecutor forges a judge's signature on a surveillance warrant to spy on her rival in a love triangle.


Today's issue includes events affecting Egypt, France, Germany, Israel, Italy, Japan, Nigeria, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

A note to our readers: Our stringer is en route to Silicon Valley, where we'll be covering SINET's ITSEF conference today and tomorrow. Watch for tweets and upcoming special coverage of this meeting of security tech and policy experts.

On today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin offers expert comment on how an IT worker's knowledge of the TOR network was held against him in a court case. Our guest, Brian Brunetti from Route1 Inc., tells us about VPN security.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

SINET ITSEF 2017 (Silicon Valley, CA, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Jailbreak Security Summit - Insecurity Tools (Laurel, Maryland, USA, April 28, 2017) Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

Cyber Attacks, Threats, and Vulnerabilities

New Clues Surface on Shamoon 2’s Destructive Behavior (Threatpost) Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.

Shamoon 2: Delivering Disttrack - Palo Alto Networks Blog (Palo Alto Networks Blog) Unit 42's continued investigation into Shamoon 2 has unearthed more details into the method by which the threat actors delivered the Disttrack payload.

APT29 Cyberspies Use Domain Fronting to Evade Detection (Security Week) The Russia-linked cyber espionage group known as APT29 has been using a technique called “domain fronting” in an effort to make it more difficult for targeted organizations to identify malicious traffic, FireEye reported on Monday.

CIA, NSA and the IoT: What We Learned (IoT evolution) In his June article, The NSA wants to exploit IoT devices for surveillance and sabotage, Pierluigi Paganini foretold: “Thanks to the Internet of Things devices, we become nodes of a global network, hacking this network allow spies to spy on everyone. This is also the intent of the U.S. National Security Agency who is working to develop cyber espionage capabilities through IoT devices.”

FBI Warns Healthcare Industry of FTP Attacks (Security Week) The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access.

Cyber criminals targeting healthcare orgs' FTP servers (Help Net Security) FBI's Cyber Division is warning healthcare organizations about cyber criminals using their FTP servers for various malicious purposes.

Medical washer-disinfector appliance's web server open to attack (Help Net Security) An Internet-connected medical washer-disinfector appliance by German manufacturer Miele sports a vulnerable embedded web server.

Doxed by Microsoft’s Users unwittingly shared sensitive docs publicly (Ars Technica) Thousands of docs with sensitive data still reachable from search engines, including health data.

's "public by default" setting to blame for users publishing sensitive info? (Help Net Security) The search option on Microsoft's has been temporarily disabled as it could be used to trawl published documents for sensitive user information.

API flaws said to have left Symantec SSL certificates vulnerable to compromise (CSO Online) Over the weekend, Chris Byrne, an information security consultant and instructor for Cloud Harmonics, published a post to Facebook outlining a serious problem with the processes and third-party API used to deliver and manage Symantec SSL certificates. If exploited, the flaws would allow an attacker access to public and private keys, as well as the ability to reissue or revoke certificates.

Symantec vs. Google: The CA Fight Continues. What do you need to know? (SANS Internet Storm Center) Google has long been vocal about Symantec's use of "test certificates". Google alleged that Symantec does not provide sufficient controls to prevent an abuse of its widely respected certificate authority.

"Unique and Highly Sophisticated" Vulnerability Found in LastPass Manager (HackRead) Tavis Ormandy, a security researcher for Google, has managed to find yet another flaw in the LastPass password manager. Ormandy has reported several critic

LastPass Races to Fix Yet Another Serious Flaw (Infosecurity Magazine) LastPass Races to Fix Yet Another Serious Flaw. Google’s Ormandy once again the bearer of bad news

DDoS attacks for $7 an hour - Kaspersky. Research finds governments are expensive targets.

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users (Ars Technica) Apple fixes flaw attackers used to trick uninformed users into paying a fine.

Scareware scammers target iOS users (Help Net Security) A bug in the way that the Mobile Safari browser handles pop-up dialogs has been abused to mount an iOS scareware scam campaign.

Windows XP has the largest number of users, says Avast (Deccan Chronicle) The number of users is more than Windows Vista and Windows 8 combined

Outdated software biggest cyber-breach culprit (IT Pro Portal) Better update that software, people.

Hacking the Business Email Compromise (Dark Reading) BEC attacks are on the rise, but plain-old spoofing of business executives' email accounts remains more prevalent.

Is our electric grid safe from cyber attack? So how safe is our electric grid from cyber attacks? That's the question I posed to Andrew Ott, chief executive of a regional transmission organization that acts as an air traffic controller for electrical power in 13 states and Washington DC.

USA can afford golf for Trump. Can't afford .com for FBI infosec service (Register) So guess what spoofers are doing with the fake site? Yup – getting dupes to log in

Security Patches, Mitigations, and Software Updates

Apple Dials Up Encryption as Mobile Threats Soar (Infosecurity Magazine) Apple Dials Up Encryption as Mobile Threats Soar. Nokia report reveals 83% increase in smartphone infections

Microsoft Patches Third Zero-Day Used in Massive Malvertising Campaign (BleepingComputer) Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.

After getting pwned and owned, Microsoft vows to fix Edge security (Computerworld) Microsoft is working to reduce the attack surface and restrict unauthorized access of its Edge browser.

Cyber Trends

Nokia Threat Intelligence Report: Malware at all time high, IoT devices vulnerable as well (Tech2) The latest Threat Intelligence Report released by Nokia says that mobile device malware infections are at an all-time high.

IT pros spend too much time handling emergencies (Help Net Security) On average, IT workers spend 29 percent of every day reacting to unplanned incidents or emergencies, which equates to more than 14 weeks a year.

Understanding Europe's insider threats (Help Net Security) 35% of employees across the UK, France, Germany and Italy admit to have been involved in a security breach, presenting regional CISOs with a challenge.


Cirrus Networks acquires NGage Technology Group (CRN Australia) Deal brings together two veterans of CRN Fast50.

KeyW and Sotera Defense Solutions Announce Early Termination of Hart-Scott-Rodino Waiting Period. The KeyW Holding Corporation (NASDAQ:KEYW) and Sotera Defense Solutions today announced that, on March 24, 2017, The KeyW Holding Corporation (KeyW) and Sotera Defense Solutions (Sotera) received notice from the U.S. Federal Trade Commission that it had granted early termination, effective immediately, of the applicable waiting period under the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR Act) for KeyW's pending acquisition of Sotera.

Coalfire acquisition tracks with Veris Group's founding principles -- Washington Technology (Washington Technology) Veris Group founders David Svec and Douglas Greise created a company with a focus on cyber consulting and related services and its acquisition by Coalfire Group continues that vision.

Here’s What Just Set FireEye Ablaze (Market Realist) Cybersecurity (HACK) firm FireEye (FEYE) saw the value of its shares rise 14.5% last week (ended March 24, 2017), after investment bank Goldman Sachs (GS) upgraded the stock from a “sell” to a “buy.” Analyst Gabriela Borges also raised the stock’s one-year price target from $10 to $15.

Former cyber czar looks to change info sharing (FCW) As the U.S. government continues to wrestle with policies and programs to share intelligence about cybersecurity threats with the private sector, a small non-profit is trying to change paradigms around information sharing.

Trump, Palantir, and the Battle to Clean Up a Huge Army Procurement Swamp (Fortune) Will the President help Peter Thiel’s company, which says it has a product that could save soldiers’ lives?

Corporate Japan learning self-defense against cybercrooks (Nikkei) Schooling workers crucial to thwarting the scammers

Products, Services, and Solutions

CK Telecom & Shenzhen Sang Fei Enhance Device Security with Trustonic TEE - Trustonic (Trustonic) Trustonic technology integrated in response to Google mandate for hardware security

Israeli companies are going to set up a Latin American cyber-defense center (Business Insider) Israeli contractors, led by a state-owned company, have won a bid to set up a cyber-defense center in a Latin American country.

Israeli cyber co Waterfall teams with insurance specialists (Globes) THB, CNA Hardy, and Waterfall Security Solutions have entered into a partnership to provide a cyber security protection for industrial businesses.

Avast Signs Three-Year Deal with KYOCERA Document Solutions Canada to Secure Network-Connected Endpoints Throughout Canada (Yahoo! Finance) Avast, the leader in digital security products for consumers and businesses, today announced a partnership with KYOCERA Document Solutions Canada, a top manufacturer of printers and multifunctional products in North America, to deliver customized endpoint security solutions and managed IT services to

Getac partners with Trivalent to provide next generation data protection for the first time in rugged computing devices (PRNewswire) Strategic partnership delivers NSA-approved security for government and commercial markets...

Freedom Security Alliance Receives Application Certification From ServiceNow® (PRNewswire) Freedom Security Alliance, a premier Managed Services Security Provider,...

Technologies, Techniques, and Standards

Advancing Cyber Resilience; Principles and Tools for Boards (BFM: The Business Radio Station) The World Economic Forum is committed to improving the state of the world and is the International Organization for Public-Private Cooperation. The Forum engages the foremost political, business and o...

Hackers Say They’ve Cracked iCloud. Here’s How to Protect Your Account, Just In Case (WIRED) Hackers claim that they'll wipe out hundreds of millions of iCloud accounts on April 7. Apple says there's no breach. Here's what to do in the meantime.

Is It Time to Go on the Cyber Attack? (Channel Partners) Offensive security is still the realm of governments, but even small companies can step up and be proactive.

Consultant urges never pay ransomware demands (CSO Online) When ransomware criminals lock up files and demand payment to decrypt them, don’t pay but be prepared with backup.

Legislation, Policy, and Regulation

Home Secretary calls for an end to encryption (bit-tech) Home Secretary Amber Rudd has spoken out against strong cryptography, following reports that the person responsible for four deaths in Westminster last week sent a message via the popular WhatsApp chat service shortly before his attack, claiming she will enlist the help of people 'who understand the necessary hashtags.'

Experts Hit Back at Rudd’s ‘Cheap’ WhatsApp Shot (Infosecurity Magazine) Experts Hit Back at Rudd’s ‘Cheap’ WhatsApp Shot. Home secretary wants an end to end-to-end encryption

Banks Want CBN to Establish Security Framework against Cyber Crime (THISDAYLIVE) Bassey Inyang In Calabar Chief security officers (CSOs) of banks in the country have urged the Central Bank of Nigeria (CBN) to establish an internal framework within the banking system to blacklis…

New Cyber Rules to Safeguard Supply Chain (National Defense) The Defense Department supply chain is part of the nation’s critical infrastructure providing the DoD and its contractors with key materiel and services.

Should a DISA-like agency take over cyber, IT for all civilian agencies? (FederalNewsRadio) The former head of the NSA told House Homeland Security Committee members they should go further than just creating a new cyber agency within DHS.

Litigation, Investigation, and Law Enforcement

Lone Wolves No More (Foreign Affairs) After the London attacks, the public understanding of lone-actor terrorism may finally be changing for the better.

What made an Israeli hacker terrorize Jewish centers worldwide? (Ynetnews) Analysis: After arresting an Ashkelon resident over bomb threats to Jewish centers around the world, police investigators are trying to figure out his motive: Psychological issues, a childish search for an ego boost, or revenge over the fact that he was not drafted into the IDF?

Michael Flynn may have turned on Donald Trump and 'become FBI informant' (The Independent) Donald Trump's first choice for National Security Adviser may have turned on the US leader to become an FBI informant, a former Department of Homeland Security official has suggested.  Juliette Kayyem said her sources indicate that Michael Flynn has drifted into the shadows because he may “have a deal” with the Bureau.

Exposing the farcical claims about Russian hacking of the election (Fabius Maximus website) Summary: As the hysteria builds about Russia’s “hacking” the presidential election by revealing hidden truths, the factual basis of the story continues to erode. The episode displ…

Feds: Brooklyn prosecutor forged judges’ signatures to wiretap lover (Ars Technica) Tara Lenich was entangled in a reported "love triangle gone wrong."

Jail Time Set for Two More Members of Global Telecom Fraud Scheme (Dark Reading) Ramon Batista and Farintong Calderon have been sentenced to 75 months and 36 months in prison, respectively.

Alleged vDOS Owners Poised to Stand Trial (KrebsOnSecurity) Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline.

Google faces $750m bill in video boycott (Times (London)) A boycott of Google by some of the world’s largest companies will cost it more than $750 million a year, analysts have predicted. Advertising revenues from YouTube, Google’s video platform, will...

FISAgate: The Question Is Not Whether Trump Associates Were Monitored (National Review) It's whether it was done abusively.

Articles: Obama Did Wiretap Trump: It’s Like Putting Together a Russian Nesting Doll (American Thinker) Matryoshkas are Russian nesting dolls. Inside each doll are several others, smaller but identically shaped characters, until you get to the smallest one inside.

Czech Leader Says Computer Hacked With Child Porn (Security Week) Czech President Milos Zeman has alleged that hackers based in the US state of Alabama put child pornography on one of his computers a year ago, his official website said Monday.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SeaAirSpace (National Harbor, Maryland, USA, April 3 - 5, 2017) The Navy League's Sea-Air-Space Exposition brings the U.S. defense industrial base, private-sector U.S. companies and key military decision makers together for an annual innovative, educational, professional...

Upcoming Events

SINET ITSEF 2017 (Mountain View, CA, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge.

PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product,...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nation's security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell, April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the world's brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...
