skip navigation

More signal. Less noise.

Daily briefing.

The Islamic State's recent setbacks on the ground have cost ISIS territory and much of its pretension to being a government even as Interpol circulates a list of 173 suspected members of Caliphate suicide units. ISIS has maintained its Russian-language propaganda service, but other operations in cyberspace are showing signs of strain. 

WannaCry and NotPetya continue to look like state-sponsored works of disruption. Companies affected by the campaigns are still working on recovery and damage assessment. Maersk and other victims emphasize one point: customer data do not appear to have been compromised in the attacks.

Both WannaCry and NotPetya propagated rapidly; comparable spreader technology is appearing in other strains as well. Fidelis has been tracking spreader functionality as it's been added to the widely used Emotet loader.

Malwarebytes and Synack are tracking Mac malware that's quietly infested the Mac ecosystem for years, going largely undetected. "Fruitfly," as it's called, is regarded as both primitive and mysterious. It's infection mechanism and purpose both remain unclear.

In industry news, healthcare cybersecurity startup Protenus has received an additional $3 million in funding, bringing its Series A total to $7 million. Nyotron, which offers a threat-agnostic defensive solution designed to be effective against unknown threats, has raised $21 million in its recent funding round.

South Korea's Defense and Foreign Ministries are reorganizing and upgrading cyber defenses. Saudi Arabia is also shaking up its counterterror and domestic intelligence services.

Microsoft wages lawfare against Russia's GRU, using IP law to seize domain names from Fancy Bear.

Notes.

Today's issue includes events affecting Australia, China, Egypt, European Union, Finland, Germany, Hungary, Iraq, Ireland, Israel, Republic of Korea, Liberia, Mexico, Qatar, Russia, Saudi Arabia, Singapore, Syria, United Arab Emirates, United Kingdom, United States.

Best Practices for Applying Threat Intelligence

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

In today's podcast, we hear from our partners at Palo Alto Networks, as Rick Howard describes a new application framework Palo Alto is offering to peers.

CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Attacks, Threats, and Vulnerabilities

Islamic State's Russian-language Propagandists Show Little Sign of Slowing Down (VOA) Assessment comes as some IS propaganda operations appear to be in decline

Cracks in the Online “Caliphate”: How the Islamic State is Losing Ground in the Battle for Cyberspace (Perspectives on Terrorism) This article argues that the Islamic State’s cyber jihad, fully launched in 2014, is currently undergoing a regression that is demonstrated by the weakening of its quality, coverage and effectiveness.

The Myth of ISIS's Strategic Brilliance (Defense One) The group has adapted to battlefield setbacks. But that doesn't mean it factored territorial losses into its master plan.

Russians Suspected in NotPetya Malware Attacks (Washington Free Beacon) A recent international cyber attack that began in Ukraine involved sophisticated malware and was likely carried out by the Russian government or hackers.

Motivation Mystery Behind WannaCry, ExPetr (Threatpost) A shift in APT tactics is emerging as characterized by the destructive ExPetr attacks hidden in ransomware, and WannaCry, which also failed to turn a profit.

'NotPetya' and 'WannaCry' cyberattacks on international government infrastructure and organisations a wake-up call (Security News Desk) After ‘NotPetya’ and ‘WannaCry’ cyberattacks on international government infrastructure and organisations, we explore how future attacks might be mitigated.

A cyberattack is going to cause this tech company to miss earnings (CNBC) Nuance Communications sees third-quarter earnings and revenue below Wall Street estimates.

Maersk: No Data Lost amid Cyber Attack (World Maritime News) Responding to the latest cyber security queries, Danish shipping conglomerate Maersk reassured that no data had been lost due to the cyber attack.

The #StayCurrent Report: analyzing the impact and legacy of WannaCry (1E Enterprise Software Lifecycle Automation) In May 2017, the WannaCry virus entered the history books as one of the most destructive ransomware attacks of all time. 1E asked 400 US IT professionals about their experiences of the attack.

Top Ten Lessons Learned from WannaCry (Infosecurity Magazine) The WannaCry ransomware variant changed the view of ransomware globally, mainly due to its ability to capture multiple major businesses and critical infrastructure.

WikiLeaks: CIA analyzed Russian and Chinese malware to inspire its own hacking and surveillance tools (BetaNews) Some four months after the first Vault 7 leak, WikiLeaks continues to publish revealing CIA documents that detail the agency's ability to hack, infiltrate and surveil targets. The latest batch goes under the banner

WikiLeaks Release Documents on How CIA Uses 5 Different Malware (Hakcitech) WikiLeaks has released a trove of data belong to the American intelligence agency CIA (Central Intelligence Agency) – The latest batch shows how CIA uses five different malware to target unsuspecting users.

Lessons to learn from the Qatar crisis before a cyber war breaks out | Opinion (Newsweek) Without regulation, the use of cyberspace for attacks will contribute to an online arms race.

Emotet takes wing with a spreader (Fidelis Cybersecurity) The recent Wannacry and Petya outbreaks have demonstrated the potency of ransomware coupled with a propagation component (spreader). While typical ransomware infections lead to the denial of access of data on a single victim system, it becomes an enterprise threat when it can propagate out, via mounted shares or the use of exploits (WannaCry - EternalBlue/MS17-010) or even both (Petya).

Mysterious Mac Malware Has Infected Victims for Years (Motherboard) The mystery of a Mac malware called “FruitFly.”

Wells Fargo Accidentally Releases Trove of Data on Wealthy Clients (New York Times) A plaintiff suing an employee of Wells Fargo Advisors was sent a CD containing thousands of sensitive client records — which came from a lawyer for the bank.

The Stantinko Botnet is Back After Years Under The Radar (Virus Guides) ESES researchers alert that Stantinko – a huge botnet which hasn’t been detected for the past five years – is now not only back but it also managed to infe

Hacker made off with over 5.5 million Social Security Numbers across 10 states (CSO Online) The PII of 6,367,467 users from 10 states was exposed when America's JobLink Alliance Technical Support was breached, according to records obtained via an open records request.

Stealthy Botnet with Half a Million Slaves Represents 'Major Threat' (Infosecurity Magazine) ESET said that it can send a fully featured backdoor, and perform brute-force attacks on Joomla and WordPress panels.

Stantinko Modular Backdoor Infected Over 500,000 Computers (BleepingComputer) Over 500,000 users have had their computers infected with a stealthy malware named Stantinko, according to a 99-page report released yesterday by Slovak antivirus maker ESET.

Watch out for the Android malware that snoops on your phone (Naked Security) GhostCtrl, being distributed by rogue versions designed to look like legitimate apps, can monitor what you do and lock up your device – beware!

No one still thinks iOS is invulnerable to malware, right? Well, knock it off (Register) As platform's popularity rose, so did its allure to miscreants

Your Old Phone Number Can Be Used To Hack Facebook Account (HackRead) We all know that in most cases, Facebook users are required to submit their phone number while registering with the social network. This is how they can li

DDoS Attack Still Targeting Final Fantasy 14 (Information Security Buzz) The online game Final Fantasy 14 has been plagued by DDoS attacks for more than a month, since its release in June, with the developer saying that the DDoS attacks targeting its North American data centre have shown no signs of stopping and are increasingly difficult to contain. Stephanie Weagle, VP at Corero Network Security commented …

UCC hit by €110,000 attack from cyber gang - Independent.ie (Independent) Cyber criminals mounted a major attack to steal €110,000 from University College Cork (UCC), the Sunday Independent can reveal.

Ricoh Australia printer guides exposed online (CRN Australia) Run-up guides for multifunction devices were accessible for a period.

Ocean's Eleven: How hackers tried to steal from a casino by hijacking a smart fish tank (International Business Times UK) Security experts said that hackers managed to steal some data and send it to a device in Finland before the attack was stopped.

Security Patches, Mitigations, and Software Updates

QNAP keeps quiet on critical flaw that corrupts data (CRN Australia) Bug goes without mention.

Segway MiniPro patched to stop hackers hijacking remote control (The State of Security) Critical security vulnerabilities have been discovered in the Segway MiniPro Hoverboard - but don't worry, they have been fixed!

You Should Update Your Apple Devices Immediately to Fix a Major Security Flaw (Fortune) Otherwise, hackers can take over your devices via WiFi chips

Cyber Trends

Dump the snake oil and show security researchers some respect (ZDNet) Hacker Summer Camp kicks off this weekend, and with many conferences, there's a very noticeable "race to first" by marketing teams. In that race, marketers need to first revere the research and respect the researchers, especially heading into the next 10 days. Here's why.

Ethereum Miners Are Selling Their Graphics Cards (Motherboard) Miners lose, gamers win.

Cisco on cybersecurity threats: We must ‘raise our warning flag even higher’ (FierceTelecom) Cisco’s latest report on the state of cybersecurity opens with a lament that would be astonishing if anyone were paying attention. That is, in fact, the lament: The world doesn’t seem to appreciate how bad the cybersecurity threat is getting.

AI Cyber Wars: Coming Soon To A Bank Near You (Forbes) The battle between cyber criminals and banks is an intensifying arms race.

Soon, your most important security expert won’t be a person (CSO) Trained continually by ever-expanding masses of security data, AI promises to finally help CSOs keep up with the flood

Monetising the IoT is a bigger concern than securing it (Computing) Canonical has found that understanding and 'monetising' the IoT are the top priorities of business professionals today - not security

GDPR confusion is still widespread - but Brexit is no excuse (Computing) Mistakenly thinking Brexit provides exemption and not reading the new definition of personal data are just two factors stopping companies preparing for the General Data Protection Regulation

Marketplace

Cyber Insurance and DDoS (Neptune Web, Inc.) This past spring American International Group (AIG), one of the largest cyber insurance companies, surveyed cyber security and risk experts to gain a deeper understanding of their views of the likelihood and impact of a systemic cyber-attack.

Protenus adds $3M to Series A round (Technical.ly Baltimore) The new investment led by Kaiser Permanente Ventures brings the round total to $7 million.

Nyotron Raises $21 Million Funding Round (Benzinga) Appoints former McAfee executive Peter Stewart to Chief Executive Officer

Blackstone in talks to buy 40 pct of Israel cyber firm NSO -report (Reuters) Blackstone Group (BX.N) is in advanced talks to pay $400 million for 40 percent of privately held Israeli firm NSO Group, a maker of spyware for mobile devices, Israel's Calcalist business newspaper reported on Sunday.

Second act for cybersecurity commissioners: Pritzker, Palmisano, Nadella form nonprofit (Cyberscoop) The Cyber Readiness Institute was launched to help the private sector better address cybersecurity, especially for small and medium-sized enterprises.

Israel - a cybersecurity powerhouse (Canada Free Press) According to the June 15, 2017 Wall Street Journal, six Israeli startups (three in the cybersecurity sector) are among the top 25 tech companies, which may be the global leaders of tomorrow.

Cisco deal is big win for local tech entrepreneurs (stltoday.com) CEO of Observable Networks, founded in 2011, praises St. Louis' talent pool

Q&A: CHRIS COLEMAN (Las Vegas Magazine) Outsourcing to third parties isn’t new, especially as businesses expand and look for ways to lower costs. However, large organizations and government agencies continuing to fall victim to vendor breaches begs the question: Why are we still being compromised by third parties?

Harvard PhD Andy Yen provides tips to governments on cybersecurity protections (CIO) Harvard PhD provides thoughts on innovative Cybersecurity hacks and protections.

Cyberbit Opens Singapore Office (PRNewswire) Cyberbit, whose cybersecurity solutions protect the...

Cyber firm Blue Ridge promotes Gray to COO (Washington Technology) Government and commercial cyber outfit Blue Ridge Networks moves Maureen Gray from the vice president ranks up to chief operating officer.

Products, Services, and Solutions

Microsoft Security Risk Detection is Ready for Customers (Petri) Microsoft Security Risk Detection, a new Azure-hosted "whitebox fuzzing" service, is now generally available following several months of external testing.

Acalvio Partners with Splunk to Deliver Industry’s First Active Deception-Based Ransomware Solution (Alcavio) Acalvio Technologies, an innovator in Advanced Threat Defense, today announced the immediate availability of ShadowPlex-R, a comprehensive, distributed-deception solution for early, accurate and cost-effective detection and mitigation of ransomware. ShadowPlex-R is based on Acalvio’s patented Deception 2.0 technology, which delivers automated and authentic enterprise-scale deception with low IT impact

SKT Develops Hacking-Proof Core Chip for Quantum Cryptography (BusinessKorea) Key equipment was developed for the popularization of quantum cryptography known to be impossible to hack. SK Telecom announced on July 23 that it developed a prototype chip for generating ultra-small quantum random numbers.

Internet Bug Bounty Receives New Funding to Expand Internet Safety Program (Dark Reading) Facebook, Ford Foundation and GitHub donate $300,000 to award hackers who improve internet infrastructure

Industry reacts to Symantec certificate authority trust remediation (SearchSecurity) As the Symantec certificate authority rushes to transfer certificate issuance to a subordinate certificate authority, Symantec needs to watch its back.

Exabeam integrates with ThreatConnect to Improve Enterprise Security (GlobeNewswire News Room) Combination of ThreatConnect’s Threat Intelligence Platform and Exabeam’s Security Automation Improves Incident Response

Cylance Gets Federal Certification (SoCalTech) Irvine-based cybersecurity developer Cylance has received a federal certification for the company's CylancePROTECT software, its artificial-intelligence powered software used for protecting against advanced persistent threats and malware. According to Cylance, it received a "Moderate" certification from the Federal Risk and Authorization Management Program (FedRAMP), which allows it to deploy its software to United States government agencies.

CyberX Rises to Industrial Control System Security Challenge (IT Business Edge) One of the biggest concerns business and IT leaders alike share when it comes to anything to do with Internet of Things (IOT) projects is security. The more devices that get connected to the internet, the bigger the attack surface that needs to be defended becomes.

Card issuer adds new security feature (NerdWallet) Company will alert cardholders when their Social Security number appears on risky websites on the so-called 'dark web.' Here's how it works and what you can do if you get such alerts.

Dashlane review: This password manager makes you smarter about security (PCWorld) With its top-notch password auditing, Dashlane teaches you to better protect yourself online.

Invincea receives perfect score from SC Magazine (Sophos) Invincea gets 5 stars in SC Media’s 2017 Endpoint Security Group Test.

Malwarebytes review (TechRadar) Veteran malware hunter adds even more layers of PC protection

Jetico Disk Encryption Delivers Safe and Easy Upgrade to Windows® 10 Creators Update (IT News Online) Jetico, leading-edge developer of encryption software, announced today version 3.75 of BestCrypt Volume Encryption. By removing the time-consuming and risky need to decrypt and re-encrypt the boot drives, Jetico’s long-trusted solution for disk encryption now enables safe and easy upgrade to Windows® 10 Creators Update, also referred to as RedStone 2 (RS2).

Briar Tor-Based Messenger Passes Security Audit, Enters Beta Stage (BleepingComputer) Briar, an instant messaging service that works over the Tor network, has reached beta stage today, the app's creators announced.

CyberTraining 365 Partners with the Women in CyberSecurity (WiCyS) to Provide Training Opportunities to Aspiring Women in the Field (PRNewswire) Due to the increase in demand for a skilled cybersecurity workforce,...

Spirent Demonstrates Comprehensive Range of Security Solutions and Expertise at Black Hat and DEF CON 2017 Conferences | 07/24/17 (markets.businessinsider.com) Spirent Communications plc (LSE:SPT) will highlight its comprehensive range of security solutions at the upcoming Black Hat and DEF CON 2017 conferences at the Mandalay Bay and Caesars Palace Convention Center in Las Vegas, July 24–30.

Technologies, Techniques, and Standards

Study: Zero days rediscovered much faster (Cyberscoop) The Harvard study shows up to a third of zero days found in the wild might have been secretly known to U.S. agencies, meaning they could have been fixed.

Analysis Of The RANDom Report on Zero-days and Vulnerability Rediscovery (Risk-Based Security) On March 9, 2017, RAND released a report (PDF) titled “Zero Days, Thousands of Nights; The Life and Times of Zero-Day Vulnerabilities and Their Exploits” by Lillian Ablon and Andy Bogart that received a fair amount of press. The RAND press release goes on to describe it as “the first publicly available research to examine vulnerabilities that are still currently unknown to the public“. While the report covers many topics and angles around this discussion, one specific bit that caught our attention was the data put forth around vulnerability rediscovery.

ICS Cybersecurity: 3 Reasons Why Periodic Technical Assessment (Still) Matters (Revolutionary Security) “Our SCADA communications use AES256 and are 100% secure so we don’t worry too much about security.” That’s a real quote from a real Industrial Control System (ICS) manager from this decade. A technical assessment of that system proved otherwise—there were in fact real cybersecurity vulnerabilities that required immediate and long-term remediation.

What is mobile app wrapping? (Computerworld) In a mobile application management strategy, app wrapping allows developers and administrators to apply security enforcement policies to a mobile app without changing its look or functionality.

A leopard can't change its spots: Why physical security appliances can’t move to the cloud (Cato Networks) Palo Alto’s recent introduction of its firewall as a service (FWaaS), GlobalProtect Cloud Service, is the latest example of how firewall appliance vendors are moving to the cloud. Appliances are not aligned with the new shape of business that involves private and public cloud platforms and a mobile workforce needing fast access to business data … Continue reading "A leopard can’t change its spots: Why physical security appliances can’t move to the cloud"

Turn Off Your Push Notifications. All of Them (WIRED) RIP my mentions.

Design and Innovation

Securities blockchain will raise trust among European SMBs, claims IBM (Computing) The system is intended to make it simpler for SMBs to obtain funding by sharing secure financial information

Antivirus for Android Has a Long, Long Way To Go (WIRED) A new study shows that 94 percent of Android antivirus failed to stop a comprehensive set of malware attacks.

Norway Takes Lead in Race to Build Autonomous Cargo Ships (Wall Street Journal) Two Norwegian companies are taking the lead in the race to build the world’s first crewless, autonomously operated electric ship, an advance that could mark a turning point in seaborne trade.

Bitcoin May Have Just Solved Its Scaling Problem (Motherboard) Okay, WTF is BIP 91 and what does it mean for bitcoin?

Twitter says it’s cracking down on the abuse – but is it? (Naked Security) Twitter’s moves to tackle abuse on the platform seem to be making their mark – but there’s a way to go before everyone feels safe there

Academia

Boeing invests in cyber warriors, gives 50 computer servers to new WWU CyberRange (bellinghamherald) Western Washington University students in the Computer Information System Security program will practice cyberwarfare training in its new CyberRange, thanks to a gift of 50 computer servers from Boeing, Western officials said.

Big Island Now: Students Can Test Aptitude Through CyberStart (Big Island Now) Gov. David Y. Ige today announced a partnership between the State of Hawai‘i and SANS Institute to offer high school and college students the opportunity this summer to participate in a free online cybersecurity assessment and exercise called CyberStart.

Cybersecurity game offered to Delaware high schoolers (Cape Gazette) A cybersecurity game is giving Delaware high schoolers a chance to learn about a growing industry

Cyber-security competition uncovers new talent to meet growing need for defence against threats (The Straits Times) Almost invisible yet highly dangerous, a cyber attack is nightmare for computer scientists, let alone a 17-year-old boy.. Read more at straitstimes.com.

Antivirus is dead, and young talents must fight Trojan war (South China Morning Post) Winnie Tang says with cyberattackers becoming ever more aggressive and global, rules and battle plans have to be redefined, and the government must urgently step up talent training in schools

Legislation, Policy, and Regulation

South Korean Foreign Ministry plans to upgrade cybersecurity measures (India) Seoul, July 23 (IANS) South Korea's Foreign Ministry will soon craft a mid-term plan to beef up cybersecurity measures, an official said on Sunday.

Defense ministry mulling over reform on cyber security, anti-espionage bodies (Yonhap News Agency) South Korea's defense ministry has been making a push to adjust the functions of its cyber security and anti-espionage units, each criticized for getting involved in politics and undue monitoring of individual soldiers, a military source said Sunday.

Saudi king overhauls security services following royal shakeup (Reuters) Saudi King Salman on Thursday decreed the consolidation of counter-terrorism and domestic intelligence under a new body, in a major overhaul of the security apparatus weeks after the interior minister was ousted from the royal succession.

Top U.S. General: Russia Just One Of Many Security Threats Facing Country (RadioFreeEurope/RadioLiberty) The top U.S. military officer has told a security conference that Russia is the “most capable state actor” that the United States faces, but it is just one of many security challenges in today’s environment.

NSA chief: 'Not the best time' for cyber unit (CNN) Adm. Mike Rogers, the director of the National Security Agency, said Saturday that "now is probably not the best time" to pursue a joint cybersecurity initiative with Russia -- an idea that President Donald Trump floated following his meeting with Russian President Vladimir Putin earlier this month.

Mike Rogers: NSA not about particular parties, viewpoints (UPI) National Security Agency Director Mike Rogers said he won't serve political purposes in his job because "I will not violate the oath that I have taken."

Letting Cyberattack Victims Hack Back Is a Very Unwise Idea (WIRED) Opinion: Retaliating against hacks is the wrong way to prevent them.

Trump's nominee for intel job backs ODNI role in intelligence integration (C4ISRNET) “As I look at it now, the integrated functions that the ODNI provides, particularly over time, have been remarkable in bringing together in ways we couldn’t have.”

Senator blasts FCC for refusing to provide DDoS analysis (Ars Technica) FCC is either too secretive or is unprepared for future attacks, senator says.

Pennsylvania's cybersecurity efforts, IT infrastructure might get an overhaul (LancasterOnline) As concerns rage at the national level about Russian hacking attempts in the 2016 U.S. election, Pennsylvania government could be on its way to revamping its own cybersecurity efforts and

Local governments keep using this software — but it might be a back door for Russia (Washington Post) The U.S. warning about Kaspersky leaves officials in the dark about possible risks.  

Litigation, Investigation, and Law Enforcement

Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law (Ars Technica) "Redirecting…Strontium domains will directly disrupt current Strontium infrastructure."

Interpol circulates list of 173 suspected members of Isis suicide brigade (the Guardian) Agency believes the fighters could have been trained to attack Europe as revenge for military defeat in Middle East

German girl arrested in Mosul is missing Linda Wenzel, say authorities (the Guardian) Wenzel disappeared from her home near Dresden last year and is believed to have been fighting for Islamic State in Iraq

Dark web markets shutdown may lead to more arrests (SearchSecurity) Shutdown of AlphaBay and Hansa dark web markets leads to potential data on hundreds or thousands of site vendors and users.

Family of dead AlphaBay suspect says he was a “good boy” (Ars Technica) Alexandre Cazes, 26, also apparently spent a lot of time in a "pickup artist" forum.

Intelligence director says agencies agree on Russian meddling (NBC News) Daniel Coats, the director of national intelligence, tells NBC's Lester Holt there is no dissent among U.S. spy agencies that Russia meddled in the election.

In break with Trump, top intelligence and homeland security officials affirm Russia's election meddling (USA TODAY) President Trump still won't say whether he believes Russia meddled in the presidential election. But his top homeland security officials affirm it did.

Russian who met Trump Jr. represented intelligence agency (KLTV) The Russian lawyer who met Donald Trump Jr. during the 2016 campaign has represented a military unit operated by Russia's intelligence agency, according to court filings obtained...

Co-founder of firm behind Trump-Russia dossier to plead the Fifth (Fox News) Glenn Simpson, whose Fusion GPS firm has been tied to anti-Trump efforts and pro-Russian lobbying, will not talk to lawmakers in response to a subpoena, the leaders of the Senate Judiciary Committe said Friday.

Fusion GPS Illuminates the Brave New World of Manufactured News for Hire (Tablet Magazine) Donald Trump, Jr. appears to be the latest figure in President Donald Trump’s inner circle to be caught in the giant web of the Great Kremlin Conspiracy. Trump the younger said he was promised dirt on Hillary Clinton, but that all he got in his June 2016 meeting with a Russian lawyer was an earful about dropping the Magnitzky Act, which sanctions Russian officials involved in the death of a Russian lawyer who was killed in detention.

Trump blames 'intelligence leak' for damaging report on Sessions (POLITICO) "These illegal leaks, like Comey's, must stop!" Trump tweeted.

Trump’s options on Russia probe: Discredit, pardon, fire (POLITICO) When it comes to responding to the Russia probe Trump and his advisers do not have many options. And the ones they have carry big political risks.

Spying in Mexico (Houston Chronicle) Martinelli is fighting extradition to his homeland where he faces charges of illegally spying on political rivals with the same Israeli-produced spyware the Mexican government now is accused of using for the same purpose.

New book explores how protesters—and governments—use Internet tactics (Ars Technica) The protest frontiers are changing. An entrenched researcher explains why they work.

Investigation launched into data breach after hacking of MPs' emails (The Independent) A cyber attack targeting the Houses of Parliament has caused a data breach after email accounts including a select committee’s mailbox were compromised. Investigators found that under 0.5 per cent of 9,000 accounts were compromised during the “sustained and determined” attempt last month, which resulted in part of the parliamentary email system being taken offline.

Hacker "BestBuy" Admits to Hijacking Deutsche Telekom Routers With Mirai Malware (BleepingComputer) A 29-year-old man pleaded guilty in court on Friday to hijacking over 900,000 routers from the network of Deutsche Telekom, according to several reports in the German press.

Briton admits to cyber-attack on Deutsche Telekom (the Guardian) Liberian telecoms company commissioned attack but had not asked for German firm to be hacked, 29-year-old tells Cologne court

45,000 Facebook Users Leave One-Star Ratings After Hacker's Unjust Arrest (BleepingComputer) Over 45,000 users have left one-star reviews on a company's Facebook page after the business reported a security researcher to police and had him arrested in the middle of the night instead of fixing a reported bug.

Sysadmin Gets 18 Months in Prison for Shutting Down Former Employer's Network (BleepingComputer) Joe Vito Venzor, 41, from El Paso, was sentenced this week to 18 months in prison for hacking and destroying the IT network of his former employee on the day he was let go.

ICO Fines Moneysupermarket £80K for Nuisance Emails (Infosecurity Magazine) ICO Fines Moneysupermarket £80K for Nuisance Emails. Price comparison site flaunted PECR rules

Director who outsourced Swedish government database to the cloud, where critical data was compromised, fined just £6,500 (Computing) Government database migrated to the cloud with IBM and NCR leaked witness protection details and military information to unauthorised people

27,482 Cases of Cybercrimes Reported in 2017, One Attack in India Every 10 Minutes (India.com) A total of 1.71 lakh cybercrimes were reported in India in the past three-and-a-half years.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Upcoming Events

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present...

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics...

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days...

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure...

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing...

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic...

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive...

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to...

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the...

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update...

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses,...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.