Daily briefing.

Concerns about nation-state hacking rise. Observers see signs of increased use of criminal gangs in state-directed, coordinated, or inspired operations. The activities of the Lazarus Group may provide a particularly interesting example: whoever may be directing them, their crimes do seem to chime with the interests of one or two states (and the Internet is looking at you, Russia and North Korea).

FireEye's Kevin Mandia counsels everyone not to expect any markedly reformed behavior from the Russian government. Observers continue to mull Microsoft's call for international norms that would govern conflict in cyberspace: they might bear comparison with those implied by the new edition of the Tallinn Manual.

Cyber4Sight has an interesting account of the malware used in the watering hole attacks on Polish banks and other financial institutions. 

Journalists and activists interested in Gulf-region migrant worker issues appear, according to Bleeping Computer, to be receiving the ministrations of an as-yet unattributed cyber espionage campaign. That campaign seems to feature catphishing.

Ransomware continues its predictable evolution. Observers note that the extortionists' preferred target sets are becoming better-defined. They're focusing their attentions on what are being called "high-value" targets, but these would be better characterized as high-payoff targets, those most likely to pay: governments, healthcare, and small businesses.

In industry news (more accurately, industry rumor), Google is thought to be shopping for Indian cybersecurity companies.

Former NSA contractor Hal Martin has pled not guilty to charges he purloined highly classified information. The probable lines of his defense have yet to emerge.


Today's issue includes events affecting Australia, Bahrain, Bangladesh, European Union, India, Democratic People's Republic of Korea, Poland, Qatar, Russia, United Kingdom, United States.

Catch today's podcast, with its usual summary and interviews from thought leaders. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as legal and policy expert Ben Yelin discusses President Obama's cyber legacy. And, of course, we'll have comments from the RSA show floor.

Interested in some big-picture informed speculation about 2017? Give the special prognostication edition of our podcast a listen. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Dateline RSA 2017

McCaul describes a bleak cyber landscape -- FCW (FCW) The U.S. is losing the cyber war, the House Homeland Security chairman says. Better network defense, offensive capabilities, information sharing and an improved workforce are needed in order to prevail.

Microsoft: Nation-state cyberattacks have changed the security game (SearchSecurity) At RSA Conference 2017, Microsoft President and Chief Legal Officer Brad Smith spoke about the dangers of nation-state cyberattacks.

National Security, Regulation, Identity Top Themes At Cloud Security Summit (Dark Reading) Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.

Nation-state cyberattacks rising, warns former NSA director (SearchSecurity) Gen. Keith Alexander spoke at RSA Conference 2017 on the growing threat of nation-state cyberattacks and the need for improved government cybersecurity.

Data breaches becoming more complex, pervasive and damaging, finds Verizon's 2017 Data Breach Digest (PRNewswire) Data breaches are becoming more complex and are no longer...

Verizon Data Breach Digest 2017 – Perspective is reality (iTWire) Verizon's annual Data Breach Investigations Report (DBIR) and the companion Data Breach Digest are among the most anticipated reports each year...

Data breach digest. Scenarios from the field. (Verizon) We investigate hundreds of data breaches every year. Take a look at our case files.

Global Cyber Alliance Calls on Leading Cyber Companies To Improve Email Protections (Yahoo! Finance) There is a fix that can prevent a great amount of email-borne attacks on consumers and businesses. Unfortunately, the vast majority of public and private organizations globally, including leading cyber ...

RSA panel covers cryptography trends, elections and more (SearchSecurity) Expert panel discussed cryptography trends, hacking in politics and elections, quantum cryptography and more at RSA Conference 2017.

A slew of cyber security offerings announced at RSA conference (InfotechLead) RSA, a Dell Technologies business, announced the new RSA Risk & Cybersecurity Practice designed to help operationalize security architecture.

Get Familiar With 'Mike Tyson’s Law of Cybersecurity’ (Fortune) RSA's tech chief invokes wisdom from a former pro boxer.

Researchers demonstrate ransomware for industrial control systems (Help Net Security) A group of researchers showed that it's possible to craft ransomware aimed at compromising and fiddling with industrial control systems.

RSA 2017: SophosLabs report examines Top 10 Android malware (Naked Security) Android malware is on the rise according to the findings of Sophos Labs. We look at the top 10 malware families for the platform

InfoArmor VigilanteATI: Threat intelligence from the Dark Web (Help Net Security) VigilanteATI provides a threat intelligence platform based on data gathered by an elite team of researchers that harvest information from the Dark Web.

Recorded Future Combines Technical, Open, and Dark Web Sources of Threat Intelligence for the First Time (Yahoo! Finance) Recorded Future, the threat intelligence company, today expanded its threat intelligence solution to give threat intelligence analysts and security operations centers access to an unrivaled breadth of technical, open, and dark web sources in a unified solution.

Duo Security and Intel Announce Collaboration on Native U2F Authentication for Windows Devices (PRNewswire) Intel Corporation announced that it will collaborate with Duo...

RSA 2017: Cyber Threat Alliance adds members, introduces new president (SC Magazine UK) The newly-formed Cyber Threat Alliance held a press conference at RSA 2017 to announce progress it has made since its inception one month ago.

Easy Solutions launches digital threat protection suite (Help Net Security) Today at RSA Conference 2017 in San Francisco, Easy Solutions unveiled its Digital Threat Protection suite. The offering enables organizations with a proac

Targeted attack prevention in cloud email and messaging systems (Help Net Security) The GreatHorn Threat Platform enables social engineering, phishing, and targeted attack prevention in cloud email and messaging systems.

Corero Network Security’s SmartWall® Threat Defense System Honored for Innovation and Product Leadership at RSA 2017 (Corero) Corero Network Security’s (LSE: CNS) flagship product, the SmartWall® Threat Defense System (TDS) appliance, was presented multiple industry awards at the annual 2017 RSA cybersecurity conference.

IBM Partners with Qualys to Expand Its Managed Security Services (MSS) Portfolio (Yahoo! Finance) RSA Conference USA 2017, Booth #N3817 -- Qualys, Inc., a pioneer and leading provider of cloud-based security and compliance solutions, today announced an expanded partnership with IBM that will add Qualys' ...

Qualys Joins IBM Security App Exchange Community (Marketwired) New Qualys App for QRadar Security Intelligence Platform combines IT asset and vulnerability data with real-time analytics in a single dashboard

Imperva Detects and Protects Against Ransomware with the Introduction of SecureSphere v12 - ( Real-time, deception-based approach protects against ransomware before valuable data is encrypted

Ayehu Introduces Next Generation IT Automation and Orchestration Platform Integrated with Machine Learning Intelligence (Marketwired) Ayehu's next generation platform, driven by machine learning intelligence, is a force multiplier for overwhelmed and understaffed IT and security operations teams

Aricent and Rohde & Schwarz Cybersecurity unveil a unique bandwidth control solution to enhance customer experience for mobile operators and network equipment providers (ipoque) Aricent Traffic Detection Function (TDF) provides communication service providers an opportunity to capitalize on analytics for traffic optimization, charging and content manipulation, working hand in hand with the policy management system.

Core Security and STEALTHbits Technologies Partner to Extend IAM to Unstructured Data (PRNewswire) Core Security®, a leader in Vulnerability, Access Risk...

Tenable launches cloud-based vulnerability management platform (SearchCloudSecurity) Tenable Network Security introduced a cloud-based vulnerability management platform that allows third parties to easily import and export vulnerability data.

Qualys Cloud Platform offers two new disruptive services (Help Net Security) Qualys announced a major expansion of its Qualys Cloud Platform. New services include File Integrity Monitoring and Indicators of Compromise detection.

Dell Details Security Strategy at RSA Conference (eWeek) VIDEO: Speaking at the RSA Conference, Michael Dell discusses his company's security strategy.

illusive networks honored as Gold winner in the 13th Annual 2017 Info Security PG's Global Excellence Awards® in Advanced Persistent Threat (APT) Detection and Response (PRNewswire) illusive networks announced today that Info Security Products Guide, the industry's leading information security research and advisory guide, ...

Cyber Attacks, Threats, and Vulnerabilities

Analysis of Malware Used Watering-Hole Attacks Against Polish, Other Financial Institutions (Cyber4Sight) Cyber4Sight has analyzed the malware distributed via the compromised Polish Financial Supervision Authority webpage and used in targeted attacks against a number of large banks and telecommunication companies.

Proper Planning Key To Pre-Empting Invisible Cyberattacks (Top Tech News) More than 140 enterprise networks in a range of business sectors in 40 countries have experienced "invisible" cyber attacks.

Ransomware attackers shift focus and resources to high-value sectors (Naked Security) Perhaps unsurprisingly, the cyber-crooks are going after the sectors most likely to pay up: healthcare, government, critical infrastructure and small businesses

It's true: Russia really is the centre of ransomware development - Kaspersky (Computing) 47 out of the 62 crypto-ransomware families developed by Russian speaking cyber-crooks

Top phishing targets in 2016? Google, Yahoo, and Apple (Help Net Security) For every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies.

Mysterious Girl at the Heart of Cyber-Espionage Campaign (BleepingComputer) During the past year, social media profiles belonging to a girl named Safeena Malik have been at the heart of a series of phishing attacks that have targeted journalists and activists investigating Qatari migrant worker labor issues.

FireEye CEO Says Russia Cyber Operations Will Not Change ( FireEye CEO Kevin Mandia discusses rising threats, spending on cybersecurity, and Russian cyber attacks. He speaks with Caroline Hyde on “Bloomberg Technology” from the Goldman Sachs Technology and Internet Conference in San Francisco. (Source: Bloomberg)

Hack the Pentagon II finds vulnerability in secure DoD systems (Fifth Domain | Cyber) A group of ethical hackers led by cybersecurity firm Synack Inc. has used a proprietary vulnerability intelligence platform to identify weaknesses in a file-transfer mechanism used to transmit classified materials for the Pentagon.

Federal cyber-incidents were down in 2016 — at least on paper (Cyberscoop) This article first appeared on FedScoop. Federal agencies in 2016 experienced less than half the number of cyber-incidents they did in 2015, according to new Government Accountability Office data — but there’s a catch. The drop-off from 77,183 agency cyber-incidents reported to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team in fiscal 2015 …

IoT Smart Dust – The Next Internet of Zombies (Learn More - Video) - American Security Today (American Security Today) The Internet of Things (IoT) is placing an unprecedented number of unsecured devices on the Internet every day that are being leveraged by hackers to steal data and to launch Denial of Service Attacks (DDoS).  These devices are coming in the form of thermostats, refrigerators, pet feeders, cameras, healthcare devices, and more. Gartner estimates that …

No, you can’t get Verizon Unlimited free for 12 months (Naked Security) Be careful not to get caught in the net of phishing scams masquerading as free data from a mobile phone provider

Security Patches, Mitigations, and Software Updates

Microsoft shelves all February security updates (PCWorld) Microsoft today took the unprecedented step of postponing an entire month's slate of security updates for Windows and its other products.

Microsoft aims to calm cloud security fears with revamped Trust Center site (BetaNews) The modern Microsoft places more importance on the cloud than ever before, and this means addressing the security concerns that users might have. As part of this, the company has upgraded and redesigned its Trust Center, home to a wealth of security information.

Twitter stumbles on safety feature as users push back (Naked Security) Users push back on a plan by Twitter to ditch notifications on being added to lists

Cyber Trends

Security programs not keeping up with IoT threats (Help Net Security) IT pros understand the dangers facing their companies, but don’t have the necessary solutions to address these new IoT threats.

Akamai Releases Fourth Quarter 2016 State of the Internet / Security Report (Yahoo! Finance) Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today released its Fourth Quarter, 2016 State of ...

CISO Investment Blueprint for 2017: Demystifying the Role of Bug Bounties in Modern Application Security Programs (Bugcrowd) We surveyed 100 CISOs and security decision makers across 17 industries and found that today’s application security teams are facing resourcing issues that are making them vulnerable.

Reduce the Likelihood of an Attack Through an IAM Maturity Model (Centrify) Forrester estimates that 80% of security breaches involve privileged credentials.


Google looks to invest or buyout startups to serve next billion users in India - ETtech ( Co to directly invest in or acquire cos that cater to whom it refers to as next billion internet users

Products, Services, and Solutions

Zurich North America, Deloitte collaborating on cyber protection (Canadian Underwriter) Zurich North America and Deloitte reported on Tuesday that they are working together to provide services for customers to help them better understand and protect themselves from cyber related risks. Initial offerings include risk transfer options provided by Zurich and…

Inside Confide, the chat app 'secretly used by Trump aides': OpenPGP, OpenSSL, and more (null) Security experts skeptical of encrypted messenger's claims

Forget the network perimeter, say security vendors (PCWorld) Security vendors start embracing Google's BeyondCorp network security model that treats all apps and devices as being on the Internet instead of assigning higher trust to local networks.

Northwest IT Services and Technoideas First to Resell Uplevel's Managed IT Service for Small Business (Yahoo! Finance) IT consulting firms Northwest IT Services and Technoideas have joined Uplevel Systems' Partner Program and will be first to offer Uplevel's managed information technology (IT) services to small businesses. Northwest IT Services is a full-service

Telstra launches Gateway Frontier to get users back online during an outage (CRN Australia) Will automatically swap to 4G during fixed-line disruptions.

Juniper Networks Announces Technology Alliance Partnerships to Expand Software-Defined Secure Networks (Yahoo! Finance) Juniper Networks, an industry leader in automated, scalable and secure networks, today announced technology alliance partnerships with several leading security providers across a variety of critical areas, ...

Gemalto launches two new solutions ‘SafeNet Luna HSM 7’, ‘SafeNet Speed Encryptors’ (BGR) These solutions are aimed to provide fast speed, performance and security for organizations using IoT, and cloud-based applications.

Technologies, Techniques, and Standards

What does GDPR mean for you? (Digital Guardian) With its enforcement date approaching, here are some key points to consider in preparing your organisation for GDPR compliance.

Legislation, Policy, and Regulation

Australia will get mandatory data breach notifications this year (CRN Australia) After three years of trying.

Australian businesses must now report if they’ve suffered a data breach (TechRadar) New legislation just awaiting the royal nod to become law

Enhanced cyber attack defence ‘more critical than ever’ (Scotsman) Britain’s defences against cyber attacks are more critical than ever as the vast majority of the population use online services, a senior security official has said.

The Queen watches mock cyber attack at new security centre - Real Business (Real Business) Her Majesty the Queen has opened a new centre created to protect Britain against cyber attack breaches, with 60 serious examples occurring each month.

Video: Likelihood of cyber attack on UK a case of "not if but when" - ( Security expert Major-General Chip Chapman says a state-sponsored cyber attack of some kind is "very likely" and the NHS is most at threat.

Three candidates emerge to replace Flynn as national security adviser (Fox News) President Trump’s embattled national security adviser Michael Flynn resigned Monday night and three names have emerged as possible replacements.

Bill orders Pentagon to fix knowledge gap in National Guard, reserve cyber capabilities ( DoD has no central database that tracks exactly what those capabilities are, and there are no immediate plans to build one.

Litigation, Investigation, and Law Enforcement

Ex-NSA contractor pleads not guilty to spying charges in federal court (Washington Post) Former NSA contractor Harold Martin is accused of massive theft of classified data

NSA Worker Denies Stockpiling Top-Secret Defense Files At Home (Odenton-Severn, MD Patch) An NSA contractor from Glen Burnie has pleaded not guilty to 20 counts of stealing top-secret documents; he faces 200 years in prison.

Here's why Michael Flynn still needs to be investigated (Mother Jones) What did he tell Moscow while it was meddling in the US election to help Trump?

Border guards force US citizen to unlock his NASA-owned work phone (Naked Security) There’s been an outcry at the experience of a NASA engineer detained on arrival in the US – but your rights if this happens to you aren’t clear

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid...

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training...

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24,...

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can...

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/technology/products developers, Automotive electronics companies, IT companies, Mobile data suppliers,...

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, England, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...
